Can't enable hidden files and can't access antivirus sites and



#1 facade
Hi,

This is my first post here, so apologies if I end up breaking any sort of etiquette. Currently I can't enable the view hidden files option. Every time I try to do so, it simply resets itself. I tried following your anti-malware guide, but I am unable to access the download link; Chrome merely shows a DNS error and says the link is broken. The same message is displayed whenever I try to access any antivirus sites and microsoft.com itself. I am also unable to update my antivirus, as it shows an error connecting to the server. I am using AVG 8.0. Also, I am unable to shut down the PC, as whenever I try shutting it down it merely restarts instead of shutting down. I have to resort to switching off the power supply to switch off the PC, and I realise this will definitely cause hardware issues in the long run. This problem has been going on for quite some time and I am very grateful for any sort of assistance.

Thank you.

Edited by facade, 02 February 2010 - 10:36 AM.


#2 RKinner (Malware Expert)
try typing:

http://208.43.44.138/OTL.exe

For the OTL download. Does that work?

Is it any different in Safe Mode with Networking? Reboot and when you see the pc maker's logo, start slowly tapping the F8 key. Keep tapping until you see the Safe Mode menu then select Safe Mode with Networking.


Sometimes you have to get a friend to download the files and burn them to a CD.

Ron

#3 facade
Hi, thanks for replying. Anyhow, I can't enable Safe Mode at all. When I choose either Safe Mode or Safe Mode with Networking during startup, it doesn't even reach the Windows loading screen and it restarts itself. Also, the link seems to be broken as well.

Thank you.

#4 RKinner (Malware Expert)
In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart.

Any better? If so follow the guidelines in the top post of the Malware Removal forum and post your logs. If not

Try Kaspersky's bootable CD from:

http://www.askvg.com...ure-and-others/

It's an iso file so you need to do a disk copy (from image) to get it to work then boot off it. It will scan your PC and fix a lot of things plus allows you to move files around. You may need to go into BIOS /CMOS setup to change the boot order so it looks at your CD/DVD drive before it tries the hard drive.

Ron
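The LAN Settings step above clears a proxy entry by hand. As an added check that is not part of this thread or of OTL, the Python script below parses OTL-style Security Center, Internet Explorer and Firefox lines and flags a loopback ProxyServer (whether enabled or merely left configured), a firewall profile with EnableFirewall = 0, a Security Center override, and a Firefox home page that should be confirmed with the user. The log excerpt inside it is constructed to mirror OTL's output format; the names `audit` and `Finding` are my own.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in OTL's line format (not the log posted in this thread).
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://homepage.example/?ref=home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # ========== Name ==========
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                  # [HKEY_...\Path]
REG_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')      # "Value" = data
IE_RE = re.compile(r'^IE - (.+?):\s*"([^"]+)"\s*=\s*(.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(\S+?):\s*"?(.*?)"?$')
LOOPBACK_RE = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost)(:\d+)?$", re.I)


@dataclass
class Finding:
    section: str
    key: str
    value: str
    note: str


def parse_otl(text):
    """Yield (section, registry context, key, value) for every setting line."""
    section, context = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, context = m.group(1), ""
        elif m := REG_KEY_RE.match(line):
            context = m.group(1)
        elif m := IE_RE.match(line):
            yield section, m.group(1), m.group(2), m.group(3).strip()
        elif m := FF_RE.match(line):
            yield section, "prefs.js", m.group(1), m.group(2)
        elif m := REG_VAL_RE.match(line):
            yield section, context, m.group(1), m.group(2).strip()
        # Other lines (processes, modules, unquoted IE keys) are ignored here.


def audit(text):
    """Return the settings a malware-removal helper would want to look at."""
    records = list(parse_otl(text))
    findings = []

    # A proxy pointing at the local machine means some local process sits
    # between the browser and the network; note it even if ProxyEnable is 0.
    ie = {k: v for s, c, k, v in records
          if s == "Internet Explorer" and "Internet Settings" in c}
    proxy = ie.get("ProxyServer")
    if proxy and LOOPBACK_RE.match(proxy):
        state = "enabled" if ie.get("ProxyEnable") == "1" else "configured but disabled"
        findings.append(Finding("Internet Explorer", "ProxyServer", proxy,
                                f"loopback proxy {state}; identify the process listening there"))

    for s, c, k, v in records:
        if k == "EnableFirewall" and v == "0":
            profile = c.rsplit("\\", 1)[-1]
            findings.append(Finding(s, k, v, f"Windows Firewall is off for {profile}"))
        elif k in ("AntiVirusOverride", "FirewallOverride") and v == "1":
            findings.append(Finding(s, k, v, "Security Center monitoring is overridden"))
        elif k == "browser.startup.homepage":
            findings.append(Finding(s, k, v, "confirm the Firefox home page was set by the user"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.section}] {f.key} = {f.value}: {f.note}")
```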

#5 facade
Hey, the IE tweak didn't change anything, and with the malware cleaning guide I can't download anything after step one other than OTL. Here's the log.

Extras.txt

OTL Extras logfile created on: 2/7/2010 11:41:04 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.44 Gb Total Space | 2.12 Gb Free Space | 10.37% Space Free | Partition Type: NTFS
Drive D: | 147.24 Gb Total Space | 4.15 Gb Free Space | 2.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 146.48 Gb Total Space | 28.54 Gb Free Space | 19.49% Space Free | Partition Type: NTFS
Drive J: | 151.60 Gb Total Space | 146.26 Gb Free Space | 96.47% Space Free | Partition Type: NTFS

Computer Name: USER-6842731F9F
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\mIRC\sysreset\mirc.exe" = D:\mIRC\sysreset\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\DC++\Downloads\mIRC V5 @ soul.UTPChat.net\mirc.exe" = C:\Program Files\DC++\Downloads\mIRC V5 @ soul.UTPChat.net\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = D:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia -- File not found
"D:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = D:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23170F69-40C1-2701-0442-000001000000}" = 7-Zip 4.42
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5783F2D7-0201-0409-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}" = WinAutomation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A81BFACE-B1CF-4AF0-B4D7-1A1256512116}" = Intel Audio Studio 2.0
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}" = ACDSee 7.0 PowerPack
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BED97FB6-E9E2-4DEC-009D-9950236206DA}" = Harry Potter - Quidditch World Cup
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.0
"{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel® Desktop Utilities
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Autodesk Express Viewer" = Autodesk Express Viewer
"AVG8Uninstall" = AVG 8.0
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"BitComet" = BitComet 0.89
"CdaC13Ba" = SafeCast Shared Components
"CDisplay_is1" = CDisplay 1.8
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"DC++" = DC++ 0.687
"DFX for Winamp" = DFX for Winamp
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"Garena" = Garena
"Halo" = Microsoft Halo
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"Lexmark 4200 Series" = Lexmark 4200 Series
"Malfreemaps MY/SG/BN Map_is1" = MFM v1.72
"MEGAMAN X4DeinstKey" = MEGAMAN X4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Need For Speed III" = Need For Speed III
"Nero8Lite_is1" = Nero 8 Micro 8.2.8.0
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Nokia PC Suite" = Nokia PC Suite
"PROSet" = Intel® PRO Network Connections Drivers
"Proxy+" = Proxy+
"PSpice Student" = PSpice Student 9.1
"RealAlt_is1" = Real Alternative 1.52
"Registry Mechanic_is1" = Registry Mechanic 6.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Simba's Pride GameBreak" = Disney's Simba's Pride GameBreak
"The Incredible Hulk" = The Incredible Hulk
"Transformers Screensaver" = Transformers Screensaver
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinAutomation" = WinAutomation
"WinRAR archiver" = WinRAR archiver
"WITNESS 2003 Release 2 Educational" = WITNESS 2003 Release 2 Educational
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"X-Men Legends 2_is1" = X-Men Legends 2
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma_Deluxe!_1.0" = Zuma Deluxe! 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2009 7:51:42 AM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/20/2009 7:53:42 AM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/20/2009 9:32:42 AM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/20/2009 9:42:42 AM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/21/2009 2:19:56 PM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/21/2009 2:19:56 PM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/22/2009 12:05:48 AM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/22/2009 12:05:49 AM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/22/2009 1:36:48 AM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/22/2009 1:50:49 AM | Computer Name = USER-6842731F9F | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

[ System Events ]
Error - 2/6/2010 11:29:00 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7034
Description = The AVG8 Firewall service terminated unexpectedly. It has done this
1 time(s).

Error - 2/6/2010 11:29:00 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7034
Description = The C-DillaCdaC11BA service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/6/2010 11:29:00 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7034
Description = The Nero BackItUp Scheduler 3 service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/6/2010 11:29:00 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7034
Description = The PLFlash DeviceIoControl Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/6/2010 11:29:00 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/6/2010 11:29:01 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7034
Description = The NMIndexingService service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/6/2010 11:29:01 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7034
Description = The WinAutomation Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/6/2010 11:36:01 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7023
Description = The Logon Network service terminated with the following error: %%1114

Error - 2/6/2010 11:36:01 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Intel® Desktop Utilities
Service service to connect.

Error - 2/6/2010 11:36:01 PM | Computer Name = USER-6842731F9F | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%2


< End of report >

OTL.txt

OTL logfile created on: 2/7/2010 11:41:04 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.44 Gb Total Space | 2.12 Gb Free Space | 10.37% Space Free | Partition Type: NTFS
Drive D: | 147.24 Gb Total Space | 4.15 Gb Free Space | 2.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 146.48 Gb Total Space | 28.54 Gb Free Space | 19.49% Space Free | Partition Type: NTFS
Drive J: | 151.60 Gb Total Space | 146.26 Gb Free Space | 96.47% Space Free | Partition Type: NTFS

Computer Name: USER-6842731F9F
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/07 11:39:37 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2010/01/25 22:09:36 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/11/19 11:17:47 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2009/09/24 07:25:28 | 000,119,104 | ---- | M] (johnsadventures.com) -- C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
PRC - [2009/09/15 17:51:15 | 000,147,096 | ---- | M] (Softomotive) -- C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
PRC - [2009/09/15 17:50:59 | 000,171,672 | ---- | M] (Softomotive) -- C:\Program Files\WinAutomation\WinAutomation.DIAgent.exe
PRC - [2009/08/11 21:22:19 | 003,114,416 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009/03/18 03:25:47 | 000,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/03/18 03:25:46 | 000,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/03/18 03:25:36 | 001,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/03/18 03:25:34 | 001,212,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2009/03/18 03:25:34 | 000,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/03/18 03:25:34 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/06/24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2008/06/08 09:31:04 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/02/18 21:01:01 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2007/07/22 19:31:34 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/02 05:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2005/08/05 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/08/04 11:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/08/04 08:56:58 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2004/01/13 18:00:02 | 000,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/01/13 17:55:52 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/07 11:39:37 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
MOD - [2009/03/26 23:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2009/03/18 03:26:18 | 000,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
MOD - [2007/07/22 19:17:19 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/19 11:17:47 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2009/09/15 17:51:15 | 000,147,096 | ---- | M] (Softomotive) [Auto | Running] -- C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe -- (WinAutomation Service)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/18 03:25:34 | 001,212,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2009/03/18 03:25:34 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/10 01:51:17 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/06/24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/06/08 09:31:04 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/05 21:05:00 | 000,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/08/04 11:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/29 20:07:00 | 001,302,016 | ---- | M] (OSA Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Intel\IDU\IDUServ.exe -- (iHCService) Intel®
SRV - [2004/08/04 08:56:58 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2004/01/13 18:00:02 | 000,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchsla...ef=home&id=146"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.16.1
FF - prefs.js..extensions.enabledItems: [email protected]:6.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.20091122_AMO
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/03/18 03:25:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/05 19:45:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 2\components [2010/01/26 02:27:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 2\plugins [2010/01/25 22:23:40 | 000,000,000 | ---D | M]

[2009/03/31 06:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/02/06 22:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions
[2009/12/03 12:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/27 13:57:40 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/11/17 01:12:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/08 18:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/11/06 13:02:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/03 12:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\[email protected]
[2009/11/06 02:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\[email protected]
[2009/12/03 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\[email protected]
[2009/09/14 21:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\[email protected]
[2009/11/06 02:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\extensions\[email protected]

O1 HOSTS File: ([2009/01/23 11:38:49 | 000,000,832 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: AmsServer
O1 - Hosts: 
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [WinAutomation Agent] C:\Program Files\WinAutomation\WinAutomation.DIAgent.exe (Softomotive)
O4 - HKCU..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\rncsys32.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\NPJPI150_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\winqto32: DllName - winqto32.dll - C:\WINDOWS\System32\winqto32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\johnsadventures.com\Background Switcher\ActiveBackground.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\johnsadventures.com\Background Switcher\ActiveBackground.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/01 00:48:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/03 17:13:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/01/01 05:29:01 | 000,000,874 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
O32 - AutoRun File - [2009/10/03 17:13:43 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/02 15:36:23 | 000,000,099 | ---- | M] () - I:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010/02/02 15:36:41 | 000,000,099 | ---- | M] () - J:\autorun.inf.vir -- [ NTFS ]
O33 - MountPoints2\{01698593-f1c2-11dd-8b4a-00167671f6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{01698593-f1c2-11dd-8b4a-00167671f6b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19f3d254-e2cf-11dd-8b3b-00167671f6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{19f3d254-e2cf-11dd-8b3b-00167671f6b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19f3d255-e2cf-11dd-8b3b-00167671f6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{19f3d255-e2cf-11dd-8b3b-00167671f6b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{214b9bc0-4f61-11de-8b83-00167671f6b1}\Shell\AutoRun\command - "" = F:\tmp\winfix.exe -- File not found
O33 - MountPoints2\{214b9bc0-4f61-11de-8b83-00167671f6b1}\Shell\OpEn\cOMmAnD - "" = F:\tmp\winfix.exe -- File not found
O33 - MountPoints2\{a564abfa-1513-11de-8b62-00167671f6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{a564abfa-1513-11de-8b62-00167671f6b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4c1904c-3475-11de-8b6e-00167671f6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{c4c1904c-3475-11de-8b6e-00167671f6b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8234ac8-c756-11de-8c54-00167671f6b1}\Shell\AutoRun\command - "" = tmp\winfix.exe
O33 - MountPoints2\{d8234ac8-c756-11de-8c54-00167671f6b1}\Shell\OpEn\cOMmAnD - "" = tmp\winfix.exe
O33 - MountPoints2\{dc262567-0e23-11df-8cf9-00167671f6b1}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{dc262567-0e23-11df-8cf9-00167671f6b1}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{e42c2609-8a8e-11de-8c1f-00167671f6b1}\Shell\AutoRun\command - "" = J:\tmp\winfix.exe -- File not found
O33 - MountPoints2\{e42c2609-8a8e-11de-8c1f-00167671f6b1}\Shell\OpEn\cOMmAnD - "" = J:\tmp\winfix.exe -- File not found
O33 - MountPoints2\{f53127ef-4ea3-11de-8b80-00167671f6b1}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{f53127ef-4ea3-11de-8b80-00167671f6b1}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{f63ed81b-8501-11de-8c1b-00167671f6b1}\Shell\AutoRun\command - "" = I:\tmp\winfix.exe -- File not found
O33 - MountPoints2\{f63ed81b-8501-11de-8c1b-00167671f6b1}\Shell\OpEn\cOMmAnD - "" = I:\tmp\winfix.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/01/01 00:48:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: fgzctq - C:\WINDOWS\system32\giuks.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/03 00:26:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/03 00:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/02 23:54:43 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/02/02 23:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/02 23:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Simply Super Software
[2010/02/02 23:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/02 23:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Simply Super Software
[2010/02/02 23:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/02/01 14:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Emulators
[2010/01/26 23:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Surat PM
[2010/01/26 22:41:14 | 000,026,112 | ---- | C] (NirSoft) -- C:\WINDOWS\System32\nircmd.exe
[2010/01/25 22:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Desktop
[2010/01/25 22:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp
[2009/05/06 12:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Nokia
[2009/05/06 12:02:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/18 03:24:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/18 03:24:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/18 03:24:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/01/23 11:50:13 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2009/01/23 11:50:13 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[1 C:\Documents and Settings\user\*.tmp files -> C:\Documents and Settings\user\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/07 11:34:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 11:34:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/07 11:34:20 | 2145,443,840 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 11:31:44 | 015,466,496 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/02/07 11:31:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/02/07 11:14:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-839522115-1003UA.job
[2010/02/06 22:14:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-839522115-1003Core.job
[2010/02/06 21:19:31 | 000,000,460 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/02/04 23:26:56 | 000,011,811 | ---- | M] () -- C:\SK SERI MAWAR.docx
[2010/02/04 12:01:19 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 02:12:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/03 21:41:49 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 4200 Series All-In-One Center.lnk
[2010/02/03 21:41:33 | 000,014,283 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Name List Science.docx
[2010/02/03 00:26:26 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/01 23:31:09 | 000,014,484 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Kamalini's surat to perdana menteri.docx
[2010/02/01 23:15:35 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MINIT CURAI.doc
[2010/02/01 21:29:43 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Ceramah Alam Sekitar.doc
[2010/01/31 22:39:24 | 000,015,913 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Name List Mathematics.docx
[2010/01/30 22:25:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/28 02:19:22 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Sundraj.doc
[2010/01/27 23:00:38 | 000,020,263 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Bagai aur dengan tebing.docx
[2010/01/26 21:18:40 | 000,012,748 | ---- | M] () -- C:\Documents and Settings\user\My Documents\nama murid....docx
[2010/01/25 00:29:30 | 000,012,682 | ---- | M] () -- C:\Documents and Settings\user\My Documents\surat.docx
[2010/01/25 00:29:25 | 000,012,034 | ---- | M] () -- C:\Documents and Settings\user\My Documents\surat.docxh.docx
[1 C:\Documents and Settings\user\*.tmp files -> C:\Documents and Settings\user\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/05 13:13:07 | 000,728,161 | ---- | C] () -- C:\Documents and Settings\user\Desktop\05082009158.jpg
[2010/02/05 13:13:07 | 000,683,478 | ---- | C] () -- C:\Documents and Settings\user\Desktop\05082009157.jpg
[2010/02/05 13:13:06 | 000,532,187 | ---- | C] () -- C:\Documents and Settings\user\Desktop\05082009159.jpg
[2010/02/04 23:26:55 | 000,011,811 | ---- | C] () -- C:\SK SERI MAWAR.docx
[2010/02/03 21:41:49 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 4200 Series All-In-One Center.lnk
[2010/02/03 00:26:26 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/02 23:24:37 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/02 23:24:37 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/02 23:24:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/01 23:15:34 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MINIT CURAI.doc
[2010/02/01 21:29:42 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Ceramah Alam Sekitar.doc
[2010/01/31 22:17:57 | 000,015,913 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Name List Mathematics.docx
[2010/01/31 22:13:47 | 000,014,283 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Name List Science.docx
[2010/01/31 15:54:08 | 000,014,484 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Kamalini's surat to perdana menteri.docx
[2010/01/28 02:19:21 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Sundraj.doc
[2010/01/27 23:00:37 | 000,020,263 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Bagai aur dengan tebing.docx
[2010/01/26 21:18:39 | 000,012,748 | ---- | C] () -- C:\Documents and Settings\user\My Documents\nama murid....docx
[2010/01/25 22:09:53 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-839522115-1003UA.job
[2010/01/25 22:09:51 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-839522115-1003Core.job
[2010/01/25 00:29:23 | 000,012,034 | ---- | C] () -- C:\Documents and Settings\user\My Documents\surat.docxh.docx
[2010/01/24 20:15:44 | 000,012,682 | ---- | C] () -- C:\Documents and Settings\user\My Documents\surat.docx
[2010/01/08 20:03:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2009/12/02 18:06:52 | 000,000,090 | ---- | C] () -- C:\WINDOWS\WA.INI
[2009/12/01 23:04:09 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\winqto32.dll
[2009/12/01 23:03:30 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\winfuq32.dll
[2009/11/27 18:13:59 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2009/11/27 18:10:28 | 000,000,221 | ---- | C] () -- C:\WINDOWS\emsoft.ini
[2009/11/27 18:10:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2009/09/05 18:29:37 | 000,961,696 | ---- | C] () -- C:\Documents and Settings\user\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009/08/13 17:34:59 | 000,001,753 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2009/06/20 13:18:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Application Data\wiaserva.log
[2009/06/17 22:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WORDSE~1.INI
[2009/06/17 00:47:15 | 000,000,460 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/06/17 00:46:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbmvs.dll
[2009/06/17 00:46:23 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbmcoin.ini
[2009/06/17 00:46:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBMLCNP.DLL
[2009/06/15 21:40:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\TetrisPk.ini
[2009/06/08 15:22:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/06/08 15:22:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/06/04 22:39:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WINTOYS.INI
[2009/05/06 11:37:43 | 000,369,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/30 15:07:28 | 000,006,009 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2009/04/30 15:07:23 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2009/04/30 15:07:23 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2009/04/30 15:07:22 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2009/04/30 15:07:22 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2009/04/30 15:07:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2009/04/30 15:07:22 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2009/04/30 15:07:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2009/04/30 15:07:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2009/04/30 15:07:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2009/04/30 15:07:21 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2009/04/30 15:07:21 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2009/04/30 15:07:21 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2009/04/30 15:07:21 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2009/04/30 15:07:21 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2009/04/30 15:07:21 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2009/04/30 15:07:21 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2009/03/18 03:20:06 | 000,084,418 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
[2009/03/17 13:54:17 | 000,103,424 | RHS- | C] () -- C:\WINDOWS\System32\giuks.dll
[2009/03/13 12:04:36 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/13 12:04:33 | 002,330,643 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/03/13 12:04:33 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/13 12:04:33 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/13 12:04:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/13 12:04:31 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/13 12:04:31 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/11 23:36:25 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\user\Application Data\alarms.ini
[2009/02/11 23:36:23 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AtomicAlarmClock.ini
[2009/01/29 23:48:31 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/01/23 11:53:22 | 000,646,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/01/03 23:39:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/01/03 23:39:27 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/03 08:23:32 | 000,000,520 | ---- | C] () -- C:\WINDOWS\NSSHAFT.INI
[2004/01/01 05:45:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2004/01/01 05:23:37 | 000,000,056 | ---- | C] () -- C:\Program Files\Common Files\appop.log
[2004/01/01 01:20:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2009/01/05 23:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/11/19 11:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/06/24 12:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2009/09/05 19:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/06 11:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/05/06 12:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/01 12:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POPWWPROFILES
[2009/12/14 23:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/02/02 23:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/12/27 12:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softomotive
[2010/02/03 11:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/27 12:53:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9820EE16-436D-48D4-9946-D7517C5C1D73}
[2009/01/06 03:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ACD Systems
[2009/01/29 23:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Activision
[2009/11/19 11:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Autodesk
[2009/09/08 20:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Crayon Physics Deluxe
[2010/02/07 11:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DMCache
[2010/01/27 19:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IDM
[2004/01/01 05:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Intervideo
[2009/11/27 14:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\johnsadventures.com
[2009/01/14 22:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Kingston
[2009/09/16 02:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Moyea
[2009/09/13 17:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nokia
[2009/05/06 12:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nseries
[2009/05/06 12:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite
[2009/10/02 16:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SEGA
[2010/02/02 23:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Simply Super Software

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 07:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 07:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 07:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 07:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 07:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/07/22 19:13:56 | 000,346,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2007/07/22 19:13:56 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/03/17 13:54:17 | 000,103,424 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\giuks.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/01/23 11:53:22 | 000,646,392 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004/01/01 08:24:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/01/01 08:24:59 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/01/01 08:24:59 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >


Thanks in advance... oh, and btw, I can currently view my hidden files after I managed to use Trojan Remover.
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 23,148 posts
  • MVP
You have some infected USB drives.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Right-click and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

Close the Command Prompt window.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron

PS Firefox looks like it has a proxy just like IE. In Firefox: Tools Options Advanced Settings and check No Proxy. OK

R

Edited by RKinner, 06 February 2010 - 11:56 PM.

  • 0

#7
facade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Thank you for your prompt reply. I ran Combofix as you requested and have attached the log below. Currently I am able to access the websites which I previously couldn't and am in the midst of updating AVG's database. Are there any more problems left in my computer?

Thanks.

ComboFix Log

ComboFix 10-02-06.03 - user 02/07/2010 18:17:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1622 [GMT 8:00]
Running from: c:\documents and settings\user\Desktop\Arvin.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\wiaserva.log
c:\documents and settings\user\Start Menu\Programs\Startup\rncsys32.exe
C:\LOG.TXT
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-2083413231-3479009572-427705080-3878
c:\recycler\S-1-5-21-4159346990-1151344331-059446947-0842
c:\recycler\S-1-5-21-4445157615-8801515605-604839957-8610
c:\recycler\S-1-5-21-4932859815-8968551565-178159698-8841
c:\recycler\S-1-5-21-6653351503-5033218481-968627562-1960
c:\recycler\S-1-5-21-6862534574-1540497758-335883397-1734
c:\recycler\S-1-5-21-7835395693-0423000715-035399127-4103
c:\recycler\S-1-5-21-8084574174-2367815056-566246012-4982
c:\recycler\S-1-5-21-8259577479-9638660999-902883855-8515
c:\recycler\S-1-5-21-9679230589-7734234166-533157028-6343
c:\windows\system32\giuks.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FGZCTQ
-------\Legacy_SSHNAS
-------\Service_fgzctq
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-03 03:51 . 2009-12-11 10:05 3613560 ----a-w- c:\documents and settings\user\Application Data\Simply Super Software\Trojan Remover\aif1F8E.exe
2010-02-02 16:51 . 2009-12-11 10:05 3613560 ----a-w- c:\documents and settings\user\Application Data\Simply Super Software\Trojan Remover\nwt1F4E.exe
2010-02-02 16:26 . 2010-02-02 16:26 -------- d-----w- c:\program files\ERUNT
2010-02-02 15:54 . 2010-02-02 16:04 -------- d-----w- C:\SDFix
2010-02-02 15:26 . 2010-02-03 03:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-02 15:25 . 2009-12-11 10:05 3613560 ----a-w- c:\documents and settings\user\Application Data\Simply Super Software\Trojan Remover\dex1A.exe
2010-02-02 15:24 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-02 15:24 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-02 15:24 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-02 15:24 . 2003-02-02 11:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-02 15:24 . 2010-02-02 15:25 -------- d-----w- c:\program files\Trojan Remover
2010-02-02 15:24 . 2010-02-02 15:24 -------- d-----w- c:\documents and settings\user\Application Data\Simply Super Software
2010-02-02 15:24 . 2010-02-02 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-01-26 14:41 . 2006-07-23 17:38 26112 ----a-w- c:\windows\system32\nircmd.exe
2010-01-25 14:09 . 2010-01-29 03:15 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 10:34 . 2009-11-05 16:18 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2010-02-07 10:04 . 2009-09-05 16:06 -------- d-----w- c:\documents and settings\user\Application Data\Winamp
2010-02-07 09:20 . 2009-07-27 11:17 -------- d-----w- c:\documents and settings\user\Application Data\vlc
2010-02-03 14:30 . 2010-01-07 19:14 0 ----a-w- c:\documents and settings\user\ntuser.tmp
2010-01-27 11:56 . 2009-11-05 16:18 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2010-01-27 01:21 . 2009-02-04 04:16 -------- d-----w- c:\program files\Real Alternative
2010-01-27 01:21 . 2009-02-25 17:31 -------- d-----w- c:\program files\Witness 2003 Release 2
2010-01-27 01:21 . 2003-12-31 16:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-27 01:21 . 2009-12-22 16:28 -------- d-----w- c:\program files\Garena
2010-01-27 01:21 . 2009-03-16 15:48 -------- d-----w- c:\program files\GameSpy Arcade
2010-01-26 06:00 . 2009-01-05 03:40 -------- d-----w- c:\program files\DC++
2010-01-25 14:23 . 2009-03-01 21:15 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 2
2010-01-23 05:03 . 2009-11-05 16:17 -------- d-----w- c:\program files\Internet Download Manager
2010-01-11 05:16 . 2009-03-13 02:39 -------- d-----w- c:\program files\UltraISO
2009-12-28 04:00 . 2009-12-28 04:00 -------- d-----w- c:\program files\Disney Interactive
2009-12-27 08:21 . 2009-12-27 08:21 287 ----a-w- c:\windows\EReg072.dat
2009-12-27 08:20 . 2009-12-27 08:20 -------- d-----w- c:\program files\Electronic Arts
2009-12-27 08:08 . 2009-01-30 04:59 -------- d-----w- c:\program files\EA Games
2009-12-27 04:53 . 2009-12-27 04:53 -------- d-----w- c:\program files\WinAutomation
2009-12-27 04:53 . 2009-12-27 04:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9820EE16-436D-48D4-9946-D7517C5C1D73}
2009-12-27 04:53 . 2009-12-27 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Softomotive
2009-12-15 11:57 . 2009-12-15 11:57 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink
2009-12-14 15:07 . 2009-12-14 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-12-14 15:07 . 2009-12-14 15:02 -------- d-----w- c:\program files\Security Task Manager
2009-12-04 10:50 . 2009-03-19 09:32 26 ----a-w- c:\windows\popcinfo.dat
2009-12-01 15:31 . 2009-12-01 15:31 198064 ----a-w- c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-12-01 15:04 . 2009-12-01 15:04 37888 ----a-w- c:\windows\system32\winqto32.dll
2009-12-01 15:03 . 2009-12-01 15:03 37888 ----a-w- c:\windows\system32\winfuq32.dll
2009-11-19 04:07 . 2004-01-04 21:36 100440 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 03:17 . 2009-11-19 03:17 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-11-19 03:17 . 2009-11-19 03:17 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2003-12-31 21:23 . 2003-12-31 21:23 56 ----a-w- c:\program files\Common Files\appop.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"BackgroundSwitcher"="c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2009-09-23 119104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-08-11 3114416]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-25 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-17 1235736]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 8597586]
"WinAutomation Agent"="c:\program files\WinAutomation\WinAutomation.DIAgent.exe" [2009-09-15 171672]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-17 19:26 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqto32]
2009-12-01 15:04 37888 ----a-w- c:\windows\system32\winqto32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^rncsys32.exe]
path=c:\documents and settings\user\Start Menu\Programs\Startup\rncsys32.exe
backup=c:\windows\pss\rncsys32.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Computer Alarm Clock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-13 18:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\awTray.exe]
2005-03-10 18:35 1910784 ----a-w- c:\program files\Intel\IDU\awtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2005-08-09 09:35 8597586 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
2005-04-29 12:06 1267200 ----a-w- c:\program files\Intel\IDU\iptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
2004-01-15 21:04 57344 ----a-w- c:\program files\Lexmark 4200 Series\lxbmbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 04:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 11:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 07:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-11 19:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-12-06 13:31 36975 ----a-w- c:\program files\Java\jre1.5.0_01\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/18/2009 3:26 AM 12936]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [1/23/2009 11:50 AM 5248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 3:26 AM 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 3:26 AM 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/18/2009 3:25 AM 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [3/18/2009 3:25 AM 1212184]
R2 WinAutomation Service;WinAutomation Service;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe [9/15/2009 5:51 PM 147096]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/18/2009 3:25 AM 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/18/2009 3:25 AM 29208]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\OSQCAD.tmp --> c:\docume~1\user\LOCALS~1\Temp\OSQCAD.tmp [?]
S3 khbjxjxvy;khbjxjxvy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/5/2009 7:11 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/5/2009 7:11 PM 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/23/2009 11:53 AM 646392]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [1/23/2009 11:50 AM 159616]
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-25 14:09]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-25 14:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchslate.com/wp.ashx?ref=home&id=146
FF - component: c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SigmatelSysTrayApp - sttray.exe
ActiveSetup-{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe
AddRemove-mIRC - c:\program files\DC++\Downloads\mIRC V5 @ soul.UTPChat.net\mirc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 18:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\OSQCAD.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\khbjxjxvy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09f184e6-df92-46b9-a9e2-9da11e5b1ba1}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014a
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):12,f3,1b,f8,2d,90,aa,2b,79,58,97,8f,ae,68,57,18,5a,d5,97,36,c9,
51,67,e5,02,1f,10,23,35,bf,49,2f,5e,47,24,eb,3d,a4,41,7f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fd,9a,09,90,97,65,80,a9,fe,a3,34,d6,e6,e9,3f,d4,cd,9b,30,f4,72,
3f,6a,44,14,61,a7,99,9e,32,4f,61,88,70,a3,cf,28,93,39,ef,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bf5f8dce-407e-4d3e-b087-7dd93aeaf4ea}]
@Denied: (Full) (Everyone)
"Model"=dword:00000021
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\winqto32.dll

- - - - - - - > 'explorer.exe'(448)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\AVG\AVG8\avgupd.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2010-02-07 18:40:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 10:40

Pre-Run: 1,523,568,640 bytes free
Post-Run: 1,315,512,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4D71D9EC02EC002B119CC5A5CE1CFF0B
  • 0
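The OTL and ComboFix output in this thread is read by eye, and the cues the responder acts on are consistent: a system32 DLL with hidden+system attributes, an empty vendor string and no obtainable MD5 (giuks.dll); services whose image is a .tmp file or sits under a Temp directory (khbjxjxvy, cpuz130); a loopback proxy injected into the user's Internet settings; and the Windows Firewall turned off. The following is an added example, not part of OTL, ComboFix or this forum's tooling: a small Python triage script that parses lines in those two log formats and flags the same cues. The sample lines are constructed from entries shown earlier in the thread; the severity labels and the `triage`/`triage_line` function names are this example's own choices. It only reads text and changes nothing on the machine.

```python
"""Triage helper for OTL / ComboFix style log lines (added example, not project code)."""
import re

# OTL file entry:  [date | size | attrs | M] (Vendor) MD5=... -- path
OTL_FILE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*M\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*(?P<md5>Unable to obtain MD5|MD5=[0-9A-Fa-f]+)?\s*--\s*(?P<path>.+?)\s*$"
)
# ComboFix service/driver entry:  R0/S3 name;display;path [date size]   or   path --> path [?]
CF_SERVICE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?:\s+-->.*|\s+\[.*)?$"
)
CF_PROXY = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")
CF_FIREWALL = re.compile(r'"EnableFirewall"\s*=\s*0\b')

WINDOWS_DIR = "\\windows\\"                      # matched against a lower-cased path
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\")

# Constructed sample, modelled on lines that appear in the logs above.
SAMPLE_LOG = r"""
[2007/07/22 19:13:56 | 000,346,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/17 13:54:17 | 000,103,424 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\giuks.dll
S3 khbjxjxvy;khbjxjxvy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/5/2009 7:11 PM 136704]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
uInternet Settings,ProxyServer = 127.0.0.1:9666
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()


def _service_finding(path):
    """Flag service images that should never be a .tmp or live under Temp."""
    lower = path.lower()
    if lower.endswith(".tmp"):
        return ("high", "service image is a .tmp file")
    if any(marker in lower for marker in TEMP_MARKERS):
        return ("medium", "service image loaded from a Temp directory")
    return None


def triage_line(line):
    """Return (severity, reason) for one log line, or None if nothing stands out."""
    m = OTL_FILE.match(line)
    if m:
        vendor = m.group("vendor").strip()
        attr = m.group("attr")
        lower = m.group("path").lower()
        # Vendor-attributed files, or files outside the Windows tree, are not flagged here.
        if vendor or WINDOWS_DIR not in lower:
            return None
        if "H" in attr and "S" in attr:
            return ("high", "hidden+system file in a Windows directory with no vendor string")
        if m.group("md5") == "Unable to obtain MD5":
            return ("medium", "locked file in a Windows directory with no vendor string")
        return None
    m = CF_SERVICE.match(line)
    if m:
        return _service_finding(m.group("path"))
    m = CF_PROXY.search(line)
    if m:
        host = m.group("proxy").split(":")[0].lower()
        if host in ("127.0.0.1", "localhost"):
            return ("medium", "loopback proxy in Internet settings: browser traffic routed through a local process")
        return None
    if CF_FIREWALL.search(line):
        return ("medium", "Windows Firewall disabled in the standard profile")
    return None


def triage(lines):
    """Run triage_line over every line; return [(severity, reason, line), ...] in log order."""
    findings = []
    for line in lines:
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line))
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 3}."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
    print(summary(triage(SAMPLE_LOG)))
```

The script deliberately stays quiet on dxtmsft.dll and dxtrans.dll, which are also reported as "Unable to obtain MD5" but carry a Microsoft vendor string and are simply in use by the browser; a locked file on its own is not an indicator, the combination with a missing vendor and hidden+system attributes is. A loopback proxy is scored medium rather than high because some legitimate web filters also register one; in this thread nothing on the machine was expected to be listening on 127.0.0.1:9666.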

#8
RKinner

    Malware Expert

  • Expert
  • 23,148 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c

***********************************

KillAll::

Driver::
cpuz130
khbjxjxvy

File::
c:\windows\system32\winqto32.dll
c:\windows\system32\winfuq32.dll
c:\windows\system32\01.tmp
c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09f184e6-df92-46b9-a9e2-9da11e5b1ba1}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bf5f8dce-407e-4d3e-b087-7dd93aeaf4ea}]

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09f184e6-df92-46b9-a9e2-9da11e5b1ba1}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bf5f8dce-407e-4d3e-b087-7dd93aeaf4ea}]

**********************************************************************************

Now open Notepad by Start, Run, notepad, OK and then paste the text into notepad with Ctrl + v.

File, Save As (TO YOUR DESKTOP!), CFScript, OK. Close Notepad.

Find the CFScript.txt file on your desktop and drag it over to George (combofix) and let go. Combofix should run as before. I'd like the new log please.

Also are you now able to see hidden files?

Ron

Edited by RKinner, 07 February 2010 - 11:34 AM.

  • 0
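Added example, not code from this thread or from ComboFix: a Python script that applies the checks a helper makes by eye when reading a ComboFix log (a driver or service whose image sits in a Temp folder, a bare executable in a Startup folder, Internet Explorer proxying through a loopback port, the Windows Firewall switched off, the Firefox start page) and then renders a CFScript.txt body in the directive layout of the script above from items the analyst has already reviewed. The log excerpt embedded in it is constructed to match the line formats of the logs posted in this thread; the heuristics are my own and mark candidates for review, not verdicts. Listing the same keys under RegLock:: before the Registry:: deletion mirrors the order used in the script above.

```python
"""Triage a ComboFix log and draft a CFScript from reviewed findings.
Added example for this thread, not part of ComboFix.  SAMPLE_LOG is a
constructed excerpt in the layout of the logs posted here."""
import re
from typing import List, NamedTuple

# Constructed sample input (entries mirror lines posted in this thread).
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^rncsys32.exe]
path=c:\documents and settings\user\Start Menu\Programs\Startup\rncsys32.exe
backup=c:\windows\pss\rncsys32.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2/7/2010 9:36 PM 31128]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\OSQCAD.tmp --> c:\docume~1\user\LOCALS~1\Temp\OSQCAD.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/23/2009 11:53 AM 646392]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
FF - prefs.js: browser.startup.homepage - hxxp://www.searchslate.com/wp.ashx?ref=home&id=146
"""


class Finding(NamedTuple):
    kind: str    # service, startup, proxy, firewall or homepage
    item: str    # the name or value that matched
    reason: str  # why an analyst should look; not a verdict


# "R3 name;description;image path [date size]" service/driver lines.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?$")
# msconfig startup-folder records whose target is an .exe in \Startup\.
STARTUP_RE = re.compile(r"^path=(.*\\Startup\\[^\\]+\.exe)\s*$", re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)", re.M)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b', re.M)
HOMEPAGE_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (\S+)", re.M)


def parse_services(log: str) -> List[dict]:
    """Return the R*/S* lines as dicts.  When ComboFix prints 'a --> b'
    the resolved image path is the right-hand side."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        path = m.group(4)
        if "-->" in path:
            path = path.split("-->", 1)[1].strip()
        services.append({"start": m.group(1), "name": m.group(2),
                         "desc": m.group(3), "path": path})
    return services


def triage(log: str) -> List[Finding]:
    """Heuristics a helper applies by eye.  Every hit is a candidate for
    review: legitimate software (game engines loaded from Temp, local
    filtering proxies, third-party firewalls) trips the same checks."""
    findings = []
    for svc in parse_services(log):
        if re.search(r"\\temp\\", svc["path"], re.I):
            findings.append(Finding("service", svc["name"],
                                    "image lives in a Temp folder: " + svc["path"]))
    for line in log.splitlines():
        m = STARTUP_RE.match(line)
        if m:
            findings.append(Finding("startup", m.group(1),
                                    "bare executable in a Startup folder instead of a shortcut"))
    m = PROXY_RE.search(log)
    if m and m.group(1).split(":")[0] in ("127.0.0.1", "localhost"):
        findings.append(Finding("proxy", m.group(1),
                                "IE proxies through a loopback port; identify the listening process"))
    if FIREWALL_RE.search(log):
        findings.append(Finding("firewall", "standardprofile",
                                "Windows Firewall off (expected if a third-party firewall replaced it)"))
    m = HOMEPAGE_RE.search(log)
    if m:
        findings.append(Finding("homepage", m.group(1),
                                "Firefox start page is set; confirm the user chose it"))
    return findings


def build_cfscript(drivers=(), files=(), reg_keys=(), kill_all=True) -> str:
    """Render a CFScript.txt body from items already reviewed by a human.
    Layout follows the script in this thread: a directive line ending in
    '::', then one item per line.  Under Registry:: a key written as
    [-KEY] is deleted; the same keys are listed under RegLock:: first."""
    sections = []
    if kill_all:
        sections.append("KillAll::")
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if files:
        sections.append("File::\n" + "\n".join(files))
    if reg_keys:
        sections.append("RegLock::\n" + "\n".join(f"[{k}]" for k in reg_keys))
        sections.append("Registry::\n" + "\n".join(f"[-{k}]" for k in reg_keys))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.item}\n          {f.reason}")
    # Items from the script posted above, as the reviewed input.
    print(build_cfscript(
        drivers=["cpuz130", "khbjxjxvy"],
        files=[r"c:\windows\system32\winqto32.dll", r"c:\windows\system32\winfuq32.dll"],
        reg_keys=[r"HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09f184e6-df92-46b9-a9e2-9da11e5b1ba1}"]))
```

Run it and the five findings print before the drafted script. Only the items you have confirmed go into build_cfscript: the GarenaPEngine hit, for instance, may well be benign on this machine (c:\program files\Garena appears in the Find3M list), which is exactly why triage returns a review list rather than writing the script itself.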

#9
facade


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey Ron,

Yeah, I have been able to view my hidden files since I used TrojanRemover. This was before your first reply. Well, currently I have uninstalled AVG and started using Kaspersky Internet Security 2010 (licensed). I have also managed to download Malwarebytes and SUPERAntiSpyware, and am using Outpost Firewall as well now. As requested, I have attached the ComboFix log.

Combofix Log
ComboFix 10-02-06.03 - user 02/08/2010 12:31:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1480 [GMT 8:00]
Running from: c:\documents and settings\user\Desktop\Arvin.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt

FILE ::
"c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys"
"c:\windows\system32\01.tmp"
"c:\windows\system32\winfuq32.dll"
"c:\windows\system32\winqto32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Service_cpuz130
-------\Service_khbjxjxvy


((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-07 17:27 . 2010-02-08 04:20 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-07 17:09 . 2010-02-08 04:52 -------- d-----w- c:\documents and settings\user\Tracing
2010-02-07 16:59 . 2010-02-07 16:59 -------- d-----w- c:\program files\Microsoft
2010-02-07 16:58 . 2010-02-07 16:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-07 16:56 . 2010-02-07 16:59 -------- d-----w- c:\program files\Windows Live
2010-02-07 15:08 . 2010-02-07 15:08 -------- d-----w- c:\documents and settings\user\Application Data\Auslogics
2010-02-07 15:08 . 2010-02-07 15:08 -------- d-----w- c:\program files\Auslogics
2010-02-07 15:03 . 2010-02-08 04:24 52224 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-07 15:03 . 2010-02-08 04:24 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-07 15:01 . 2010-02-07 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-07 15:01 . 2010-02-07 15:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-07 15:01 . 2010-02-07 15:01 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2010-02-07 15:00 . 2010-02-07 15:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-07 14:45 . 2010-02-07 17:15 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-02-07 14:45 . 2010-02-07 17:15 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-02-07 14:45 . 2010-02-07 17:15 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-02-07 14:45 . 2010-02-07 17:15 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-02-07 14:45 . 2010-02-07 17:15 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-02-07 14:43 . 2010-02-07 14:43 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-02-07 13:26 . 2010-02-08 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-07 13:26 . 2010-02-07 13:26 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-07 13:24 . 2010-02-07 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-07 11:28 . 2010-02-07 11:28 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-02-07 11:28 . 2010-01-07 08:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-07 11:28 . 2010-02-07 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-07 11:28 . 2010-01-07 08:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-07 11:28 . 2010-02-07 11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 10:10 . 2010-02-07 10:40 -------- d-----w- C:\Arvin
2010-02-03 03:51 . 2009-12-11 10:05 3613560 ----a-w- c:\documents and settings\user\Application Data\Simply Super Software\Trojan Remover\aif1F8E.exe
2010-02-02 16:51 . 2009-12-11 10:05 3613560 ----a-w- c:\documents and settings\user\Application Data\Simply Super Software\Trojan Remover\nwt1F4E.exe
2010-02-02 16:26 . 2010-02-02 16:26 -------- d-----w- c:\program files\ERUNT
2010-02-02 15:54 . 2010-02-02 16:04 -------- d-----w- C:\SDFix
2010-02-02 15:26 . 2010-02-03 03:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-02 15:25 . 2009-12-11 10:05 3613560 ----a-w- c:\documents and settings\user\Application Data\Simply Super Software\Trojan Remover\dex1A.exe
2010-02-02 15:24 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-02 15:24 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-02 15:24 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-02 15:24 . 2003-02-02 11:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-02 15:24 . 2010-02-02 15:25 -------- d-----w- c:\program files\Trojan Remover
2010-02-02 15:24 . 2010-02-02 15:24 -------- d-----w- c:\documents and settings\user\Application Data\Simply Super Software
2010-02-02 15:24 . 2010-02-02 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-01-26 14:41 . 2006-07-23 17:38 26112 ----a-w- c:\windows\system32\nircmd.exe
2010-01-25 14:09 . 2010-01-29 03:15 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 04:52 . 2009-11-05 16:18 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2010-02-07 14:43 . 2010-02-07 14:43 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-02-07 14:43 . 2010-02-07 14:43 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-02-07 14:43 . 2010-02-07 13:27 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-07 14:43 . 2010-02-07 13:27 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-07 14:43 . 2010-02-07 14:43 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-02-07 14:43 . 2010-02-07 14:43 59920 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-02-07 14:43 . 2010-02-07 14:43 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-02-07 13:58 . 2010-02-07 13:58 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-07 13:55 . 2009-09-05 16:06 -------- d-----w- c:\documents and settings\user\Application Data\Winamp
2010-02-07 13:36 . 2010-02-07 13:36 -------- d-----w- c:\program files\Agnitum
2010-02-07 13:34 . 2010-02-07 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2010-02-07 13:31 . 2010-02-07 13:31 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-02-07 09:20 . 2009-07-27 11:17 -------- d-----w- c:\documents and settings\user\Application Data\vlc
2010-02-03 14:30 . 2010-01-07 19:14 0 ----a-w- c:\documents and settings\user\ntuser.tmp
2010-01-27 11:56 . 2009-11-05 16:18 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2010-01-27 01:21 . 2009-02-04 04:16 -------- d-----w- c:\program files\Real Alternative
2010-01-27 01:21 . 2009-02-25 17:31 -------- d-----w- c:\program files\Witness 2003 Release 2
2010-01-27 01:21 . 2003-12-31 16:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-27 01:21 . 2009-12-22 16:28 -------- d-----w- c:\program files\Garena
2010-01-27 01:21 . 2009-03-16 15:48 -------- d-----w- c:\program files\GameSpy Arcade
2010-01-26 06:00 . 2009-01-05 03:40 -------- d-----w- c:\program files\DC++
2010-01-25 14:23 . 2009-03-01 21:15 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 2
2010-01-23 05:03 . 2009-11-05 16:17 -------- d-----w- c:\program files\Internet Download Manager
2010-01-11 05:16 . 2009-03-13 02:39 -------- d-----w- c:\program files\UltraISO
2009-12-28 04:00 . 2009-12-28 04:00 -------- d-----w- c:\program files\Disney Interactive
2009-12-27 08:21 . 2009-12-27 08:21 287 ----a-w- c:\windows\EReg072.dat
2009-12-27 08:20 . 2009-12-27 08:20 -------- d-----w- c:\program files\Electronic Arts
2009-12-27 08:08 . 2009-01-30 04:59 -------- d-----w- c:\program files\EA Games
2009-12-27 04:53 . 2009-12-27 04:53 -------- d-----w- c:\program files\WinAutomation
2009-12-27 04:53 . 2009-12-27 04:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9820EE16-436D-48D4-9946-D7517C5C1D73}
2009-12-27 04:53 . 2009-12-27 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Softomotive
2009-12-15 11:57 . 2009-12-15 11:57 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink
2009-12-14 15:07 . 2009-12-14 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-12-14 15:07 . 2009-12-14 15:02 -------- d-----w- c:\program files\Security Task Manager
2009-12-04 10:50 . 2009-03-19 09:32 26 ----a-w- c:\windows\popcinfo.dat
2009-12-01 15:31 . 2009-12-01 15:31 198064 ----a-w- c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-19 04:07 . 2004-01-04 21:36 100440 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 03:17 . 2009-11-19 03:17 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-11-19 03:17 . 2009-11-19 03:17 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2003-12-31 21:23 . 2003-12-31 21:23 56 ----a-w- c:\program files\Common Files\appop.log
.

((((((((((((((((((((((((((((( [email protected]_10.34.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 18:19 . 2007-11-06 18:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-11 12:54 . 2009-07-11 12:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 17:07 . 2009-07-11 17:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 17:19 . 2009-07-11 17:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 11:41 . 2009-07-11 11:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-07-26 08:44 . 2009-07-26 08:44 48448 c:\windows\system32\sirenacm.dll
+ 2009-07-03 07:45 . 2009-07-03 07:45 27507 c:\windows\system32\drivers\klopp.dat
+ 2009-05-16 12:59 . 2009-05-16 12:59 19472 c:\windows\system32\drivers\klmouflt.sys
+ 2009-05-13 09:46 . 2009-05-13 09:46 31760 c:\windows\system32\drivers\klim5.sys
+ 2008-12-15 12:41 . 2008-12-15 12:41 33808 c:\windows\system32\drivers\klbg.sys
+ 2010-02-07 13:36 . 2009-02-18 09:30 31128 c:\windows\system32\drivers\afw.sys
+ 2010-02-07 16:59 . 2010-02-07 16:59 27136 c:\windows\Installer\756081.msi
+ 2010-02-07 16:57 . 2010-02-07 16:57 83456 c:\windows\Installer\756068.msi
+ 2010-02-07 16:56 . 2010-02-07 16:56 58880 c:\windows\Installer\756062.msi
+ 2010-02-07 16:57 . 2010-02-07 16:57 62304 c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
+ 2010-02-07 15:01 . 2010-02-07 15:01 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-02-07 15:01 . 2010-02-07 15:01 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-02-07 17:00 . 2010-02-07 17:00 80395 c:\windows\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe
+ 2010-02-07 15:01 . 2010-02-07 15:01 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2008-07-29 00:05 . 2008-07-29 00:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-28 19:54 . 2008-07-28 19:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-11 17:12 . 2009-07-11 17:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 17:09 . 2009-07-11 17:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 17:08 . 2009-07-11 17:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-07-03 07:48 . 2009-07-03 07:48 219664 c:\windows\system32\klogon.dll
+ 2010-02-07 13:38 . 2009-04-06 03:37 704384 c:\windows\system32\drivers\SandBox.sys
+ 2010-02-07 13:26 . 2010-02-07 13:26 296976 c:\windows\system32\drivers\klif.sys
+ 2009-06-15 06:01 . 2009-06-15 06:01 128016 c:\windows\system32\drivers\kl1.sys
+ 2010-02-07 13:38 . 2009-02-10 08:15 257432 c:\windows\system32\drivers\afwcore.sys
+ 2010-02-07 14:01 . 2010-02-07 14:01 107008 c:\windows\Installer\ed0b5.msi
+ 2010-02-07 14:01 . 2010-02-07 14:01 301056 c:\windows\Installer\ed0af.msi
+ 2010-02-07 17:28 . 2010-02-07 17:28 424960 c:\windows\Installer\8f4827.msi
+ 2010-02-07 17:00 . 2010-02-07 17:00 430080 c:\windows\Installer\75608f.msi
+ 2010-02-07 16:59 . 2010-02-07 17:00 155648 c:\windows\Installer\756087.msi
+ 2010-02-07 16:58 . 2010-02-07 16:58 140288 c:\windows\Installer\75607b.msi
+ 2010-02-07 16:58 . 2010-02-07 16:58 202752 c:\windows\Installer\756074.msi
+ 2010-02-07 16:57 . 2010-02-07 16:57 152576 c:\windows\Installer\75606e.msi
+ 2010-02-07 16:56 . 2010-02-07 16:56 107008 c:\windows\Installer\75605c.msi
+ 2010-02-07 13:36 . 2010-02-07 13:36 228352 c:\windows\Installer\137a8c.msi
+ 2010-02-08 04:21 . 2010-02-08 04:21 110592 c:\windows\ERDNT\AutoBackup\2-8-2010\Users\00000002\UsrClass.dat
+ 2010-02-08 04:21 . 2005-10-20 04:02 163328 c:\windows\ERDNT\AutoBackup\2-8-2010\ERDNT.EXE
+ 2008-07-29 00:05 . 2008-07-29 00:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-07-11 12:46 . 2009-07-11 12:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 12:46 . 2009-07-11 12:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-02-07 15:01 . 2010-02-07 15:01 1583616 c:\windows\Installer\be627.msi
+ 2010-02-07 13:28 . 2010-02-07 13:28 3203072 c:\windows\Installer\137a85.msi
+ 2010-02-08 04:21 . 2010-02-08 04:21 15310848 c:\windows\ERDNT\AutoBackup\2-8-2010\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"BackgroundSwitcher"="c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2009-09-23 119104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-08-11 3114416]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-25 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-04 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^rncsys32.exe]
path=c:\documents and settings\user\Start Menu\Programs\Startup\rncsys32.exe
backup=c:\windows\pss\rncsys32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-13 18:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-05 13:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\awTray.exe]
2005-03-10 18:35 1910784 ----a-w- c:\program files\Intel\IDU\awtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2005-08-09 09:35 8597586 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
2005-04-29 12:06 1267200 ----a-w- c:\program files\Intel\IDU\iptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
2004-01-15 21:04 57344 ----a-w- c:\program files\Lexmark 4200 Series\lxbmbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 01:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 01:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 11:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 07:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-11 19:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-12-06 13:31 36975 ----a-w- c:\program files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAutomation Agent]
2009-09-15 09:50 171672 ----a-w- c:\program files\WinAutomation\WinAutomation.DIAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [1/23/2009 11:50 AM 5248]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2/7/2010 9:38 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2/7/2010 9:36 PM 1195008]
R2 WinAutomation Service;WinAutomation Service;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe [9/15/2009 5:51 PM 147096]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2/7/2010 9:36 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2/7/2010 9:38 PM 257432]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\OSQCAD.tmp --> c:\docume~1\user\LOCALS~1\Temp\OSQCAD.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/5/2009 7:11 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/5/2009 7:11 PM 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/23/2009 11:53 AM 646392]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [1/23/2009 11:50 AM 159616]
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-25 14:09]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-25 14:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4rrbu5b7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchslate.com/wp.ashx?ref=home&id=146
FF - component: c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 2\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3 Beta 2\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\OSQCAD.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2244)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-02-08 13:01:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 05:01
ComboFix2.txt 2010-02-07 10:40

Pre-Run: 1,300,357,120 bytes free
Post-Run: 1,311,776,768 bytes free

- - End Of File - - 1366021B2D0A897444FA179870F74319

#10
RKinner
    Malware Expert
  • Expert
  • 23,148 posts
  • MVP
Log looks good now.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

You can skip the next step if you let Kaspersky do a full scan of your system instead. Also let it scan your USB drives since they are also infected.

I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html
It takes a while (hours) and you have to turn off your antivirus while you are running it, but it is pretty thorough. It doesn't fix anything, so if it finds something (that is not in SDFix, Qoobox, or your antivirus's subfolders) you should save the log and post it in a reply.
If Windows blocks the ActiveX control, try putting BitDefender in your trusted sites: in IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box, put in *.bitdefender.com, then Add. OK.

If BitDefender comes back clean then you can uninstall or delete any tools we had you download and their logs. You can manually remove C:\george and C:\qoobox, then put your system back the way it was (though I would leave the hide extensions option unchecked).


You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE). I see:
{3248F0A8-6813-11D6-A77B-00B0D0150010} = J2SE Runtime Environment 5.0 Update 1

Also make sure you have the latest versions of any adobe.com products you use, like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then, afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it, but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader, except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

Ron
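The follow-up items in Ron's post above (old Java runtimes, JavaScript in the PDF reader, the BitDefender trusted-site entry, the hide-extensions option) are all visible in the registry, so they can be checked in one place before the tools are deleted. The script below is an added example written for this page, not code from the thread or from any tool mentioned in it. It reports everything and changes nothing unless run with -Fix, and then only touches the two settings that are plain registry values (PDF-reader JavaScript and hide extensions); Java removal and the trusted-site entry stay with the uninstaller and IE's own dialog. The assumptions are labelled in the comments: the Adobe location HKCU\Software\Adobe\<product>\<version>\JSPrefs\bEnableJS for the JavaScript checkbox, and that `bitdefender.com` is the domain to look for.

```powershell
# Added example (not code from the thread): audit the post-cleanup items from the
# post above. Read-only unless -Fix is given. Needs PowerShell 2.0 or later, run
# from an elevated prompt. Assumptions: Adobe keeps the Preferences > JavaScript
# checkbox at HKCU\Software\Adobe\<product>\<version>\JSPrefs\bEnableJS (DWORD,
# 1 = enabled, missing = default enabled); IE zone assignments live under ZoneMap.
param([switch]$Fix)

function Get-InstalledJava {
    # Every installed runtime has an Uninstall key; older Java releases use several
    # DisplayName spellings (J2SE, J2RE, JRE, Java(TM) ...), so match on all of them.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE|J2RE|\bJRE\b' } |
        Select-Object DisplayName, DisplayVersion, PSChildName, UninstallString
}

function Get-PdfReaderJavaScript {
    # One row per Adobe Reader / Acrobat version found under HKCU. With -Fix the
    # value is written as 0, which is what the Preferences dialog does. Close the
    # reader first or it may overwrite the value on exit.
    foreach ($product in 'Acrobat Reader', 'Adobe Acrobat') {
        $root = "HKCU:\Software\Adobe\$product"
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $jsKey = "$root\$($_.PSChildName)\JSPrefs"
            $v = Get-ItemProperty -Path $jsKey -Name bEnableJS -ErrorAction SilentlyContinue
            $enabled = ($v -eq $null) -or ($v.bEnableJS -ne 0)
            if ($Fix -and $enabled) {
                if (-not (Test-Path $jsKey)) { New-Item -Path $jsKey -Force | Out-Null }
                Set-ItemProperty -Path $jsKey -Name bEnableJS -Value 0 -Type DWord
                $enabled = $false
            }
            New-Object PSObject -Property @{
                Product = $product; Version = $_.PSChildName; JavaScriptEnabled = $enabled
            }
        }
    }
}

function Test-TrustedSite {
    param([string]$Domain)   # 'bitdefender.com' is what IE stores for *.bitdefender.com
    # IE keeps zone assignments as ZoneMap\Domains\<domain>[\<host>], with a value
    # named after the scheme ('http', 'https' or '*') whose data is the zone id.
    # Zone 2 is Trusted sites; the HTTPS-only box in the dialog decides http vs https.
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$Domain"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -eq $null) { return $false }
    foreach ($scheme in 'http', 'https', '*') {
        $prop = $p.PSObject.Properties[$scheme]
        if ($prop -ne $null -and $prop.Value -eq 2) { return $true }
    }
    return $false
}

function Get-HideFileExt {
    # Explorer's "Hide extensions for known file types" checkbox: 0 = extensions shown,
    # which is the state the post recommends keeping.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    if ($Fix -and $v -ne 0) {
        Set-ItemProperty -Path $adv -Name HideFileExt -Value 0 -Type DWord
        $v = 0
    }
    return $v
}

'== Java runtimes installed (keep only the newest) =='
Get-InstalledJava | Format-Table -AutoSize
'== PDF reader JavaScript (every row should read False) =='
Get-PdfReaderJavaScript | Format-Table Product, Version, JavaScriptEnabled -AutoSize
'== *.bitdefender.com in Trusted sites: ' + (Test-TrustedSite 'bitdefender.com')
'== HideFileExt (0 = extensions shown): ' + (Get-HideFileExt)
```

Save it as, say, Audit-Cleanup.ps1 and run `.\Audit-Cleanup.ps1` for the report, or `.\Audit-Cleanup.ps1 -Fix` after closing the PDF reader to write the two settings; a fresh PowerShell install may need `Set-ExecutionPolicy RemoteSigned` once before a local script will run. The Java rows include the Uninstall key name (PSChildName), which is the same GUID format Ron quotes above, so an entry can be matched against Add/Remove Programs before it is removed.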

#11
facade
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
Dear Ron,

I did everything that you've requested and finally my system looks clean after ages. I really appreciate your time and effort in solving my problem. I can finally close this topic, I believe. :)


Much Gratitude,

Facade
