Rootkit.Agent Removal [Solved]



#31
hammerman
Member, 4,183 posts
Hi,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix prompt]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


#32
HalYurAznPal
Topic Starter, 38 posts
Combofix log,

ComboFix 10-05-14.05 - Hallel 14/05/2010 15:12:42.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.1265 [GMT -4:00]
Running from: c:\users\Hallel\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.

2010-05-14 19:19 . 2010-05-14 19:20 -------- d-----w- c:\users\Hallel\AppData\Local\temp
2010-05-14 19:19 . 2010-05-14 19:19 -------- d-----w- c:\users\TJ\AppData\Local\temp
2010-05-14 19:19 . 2010-05-14 19:19 -------- d-----w- c:\users\Rudy\AppData\Local\temp
2010-05-14 19:19 . 2010-05-14 19:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-14 19:19 . 2010-05-14 19:19 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-05-14 19:19 . 2010-05-14 19:19 -------- d-----w- c:\users\Isaac\AppData\Local\temp
2010-05-14 19:19 . 2010-05-14 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-14 02:33 . 2010-05-14 02:33 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-14 01:07 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-14 01:07 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-14 01:07 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-14 00:07 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-14 00:07 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-14 00:07 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-13 18:59 . 2010-05-13 19:00 -------- d-----w- c:\windows\system32\ca-ES
2010-05-13 18:59 . 2010-05-13 19:00 -------- d-----w- c:\windows\system32\eu-ES
2010-05-13 18:59 . 2010-05-13 19:00 -------- d-----w- c:\windows\system32\vi-VN
2010-05-12 22:46 . 2010-05-12 22:56 -------- d-----w- c:\windows\maxdriver
2010-05-12 16:35 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 01:14 . 2010-05-13 13:44 680 ----a-w- c:\users\Hallel\AppData\Local\d3d9caps.dat
2010-05-11 03:43 . 2010-05-11 03:43 -------- d-----w- c:\windows\system32\EventProviders
2010-05-09 22:59 . 2010-05-09 22:59 -------- d-----w- c:\users\Hallel\AppData\Local\Apple
2010-05-09 01:05 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-07 17:06 . 2010-05-07 17:06 -------- d-----w- c:\program files\Common Files\Java
2010-05-07 17:06 . 2010-05-07 17:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-07 16:34 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-07 16:34 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-07 16:34 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-07 16:34 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-07 16:34 . 2010-05-07 16:34 -------- d-----w- c:\programdata\Avira
2010-05-07 16:34 . 2010-05-07 16:34 -------- d-----w- c:\program files\Avira
2010-05-07 16:25 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-07 16:25 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-06 19:53 . 2010-05-07 02:08 -------- d-----w- C:\Combo-Fix23342C
2010-05-06 17:35 . 2010-05-06 17:43 -------- d-----w- C:\Combo-Fix
2010-05-05 20:35 . 2010-05-05 20:35 -------- d-----w- c:\users\TJ\AppData\Local\Skype
2010-05-02 14:47 . 2010-05-02 14:47 -------- d-----w- c:\program files\CONEXANT
2010-04-30 05:49 . 2010-05-14 19:05 -------- d-----w- c:\users\Hallel\Tracing
2010-04-30 05:42 . 2010-05-13 03:19 -------- d-----w- c:\users\Hallel\AppData\Roaming\vlc
2010-04-30 04:49 . 2010-04-30 04:49 77928 ----a-w- c:\users\Hallel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-30 04:13 . 2010-04-30 04:13 -------- d-----w- c:\users\Hallel\AppData\Local\Google
2010-04-30 04:13 . 2010-04-30 04:13 0 ----a-w- c:\windows\nsreg.dat
2010-04-30 04:13 . 2010-04-30 04:13 -------- d-----w- c:\users\Hallel\AppData\Local\Mozilla
2010-04-30 04:10 . 2010-04-30 04:11 -------- d-----w- c:\users\Hallel\AppData\Roaming\Malwarebytes
2010-04-30 04:05 . 2010-03-26 14:33 43008 ----a-w- c:\users\Rudy\AppData\Roaming\Mozilla\Firefox\Profiles\on8y9j6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-30 04:05 . 2010-03-26 14:33 1496064 ----a-w- c:\users\Rudy\AppData\Roaming\Mozilla\Firefox\Profiles\on8y9j6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-30 04:05 . 2010-03-26 14:33 339456 ----a-w- c:\users\Rudy\AppData\Roaming\Mozilla\Firefox\Profiles\on8y9j6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-30 04:05 . 2010-03-26 14:32 346112 ----a-w- c:\users\Rudy\AppData\Roaming\Mozilla\Firefox\Profiles\on8y9j6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-29 02:56 . 2010-04-29 02:57 -------- d-----w- c:\users\Rudy\AppData\Local\MigWiz
2010-04-28 21:39 . 2010-04-28 21:39 -------- d-----w- c:\users\Isaac\AppData\Roaming\Malwarebytes
2010-04-28 21:37 . 2010-04-28 21:37 -------- d-----w- c:\users\TJ\AppData\Roaming\Malwarebytes
2010-04-28 21:12 . 2010-04-28 21:12 -------- d-----w- c:\programdata\Alwil Software
2010-04-27 22:17 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 22:17 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 19:37 . 2010-04-27 19:37 -------- d-----w- c:\users\Rudy\AppData\Roaming\Malwarebytes
2010-04-27 19:37 . 2010-04-27 19:37 -------- d-----w- c:\programdata\Malwarebytes
2010-04-27 19:37 . 2010-05-06 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 16:41 . 2010-04-27 16:41 93184 --sha-r- c:\windows\system32\SCardSvry.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 19:03 . 2007-08-21 00:47 -------- d-----w- c:\programdata\Google Updater
2010-05-14 02:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-14 02:21 . 2010-05-14 02:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-14 02:20 . 2010-05-14 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-13 19:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-13 12:18 . 2007-07-27 00:43 77928 ----a-w- c:\users\TJ\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-12 23:01 . 2007-07-25 05:22 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 21:11 . 2007-08-17 15:42 77928 ----a-w- c:\users\Isaac\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-07 17:01 . 2007-12-22 03:20 -------- d-----w- c:\program files\Java
2010-05-06 14:36 . 2010-02-13 05:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-30 05:00 . 2008-03-04 02:25 -------- d-----w- c:\program files\Bonjour
2010-04-30 04:59 . 2007-11-22 23:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-30 04:56 . 2007-01-04 19:15 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-29 02:53 . 2009-02-11 16:27 -------- d-----w- c:\programdata\Norton
2010-04-29 02:51 . 2007-01-04 19:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-03 03:56 . 2010-04-03 03:26 41 ----a-w- c:\users\TJ\jagex_runescape_preferences.dat
2010-04-03 03:54 . 2010-04-03 03:27 69 ----a-w- c:\users\TJ\jagex_runescape_preferences2.dat
2010-04-03 03:27 . 2010-04-03 03:27 0 ----a-w- c:\users\TJ\jagex__preferences3.dat
2010-03-26 03:17 . 2007-01-04 19:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-26 03:16 . 2007-01-04 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 21:27 . 2008-10-19 02:00 -------- d-----w- c:\program files\uTorrent
2010-03-20 16:30 . 2007-07-25 04:42 77928 ----a-w- c:\users\Rudy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-16 04:55 . 2008-11-22 23:12 -------- d-----w- c:\program files\AviSynth 2.5
2010-03-16 04:54 . 2008-02-09 17:21 -------- d-----w- c:\program files\QuickTax 2007
2010-03-16 04:48 . 2010-03-15 03:03 -------- d-----w- c:\program files\Nokia
2010-03-16 04:46 . 2008-06-25 12:51 -------- d-----w- c:\programdata\Yahoo!
2010-03-15 03:02 . 2010-03-15 03:02 36864 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-15 03:02 . 2010-03-15 03:02 3351812 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-15 03:02 . 2010-03-15 03:02 3203453 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-15 03:02 . 2010-03-15 03:03 34642680 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_en.exe
2010-03-09 16:25 . 2010-03-30 18:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-30 18:45 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-04 17:33 . 2010-04-14 02:26 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 11:10 . 2010-04-14 02:26 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 02:26 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 02:26 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 23:06 . 2010-03-11 22:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 22:29 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 22:29 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:07 . 2010-04-14 02:25 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-14 02:26 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:07 . 2010-04-14 02:26 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 13:30 . 2010-04-14 02:25 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-14 02:25 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-02-11 21:51 . 2009-02-11 21:51 212991 ----a-w- c:\program files\Adobe After Effects CS4 ????.pdf
2009-02-11 21:51 . 2009-02-11 21:51 143872 ----a-w- c:\program files\Adobe After Effects CS4 ???????.pdf
2008-08-28 18:09 . 2009-02-11 21:51 85534 ----a-w- c:\program files\Leggimi di Adobe After Effects CS4.pdf
2008-08-28 18:09 . 2009-02-11 21:51 54092 ----a-w- c:\program files\Léame de Adobe After Effects CS4.pdf
2008-08-28 18:09 . 2009-02-11 21:51 80920 ----a-w- c:\program files\Adobe After Effects CS4 — Lisez-moi.pdf
2008-08-28 18:09 . 2009-02-11 21:51 80508 ----a-w- c:\program files\Adobe After Effects CS4 - Bitte lesen.pdf
2008-08-25 02:59 . 2009-02-11 21:51 63669 ----a-w- c:\program files\Adobe After Effects CS4 Read Me.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-11-22 09:11 82864 ----a-w- c:\program files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-01 18:41 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2006-11-16 22:59 1480296 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\hpadvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-04-19 23:11 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-01 18:41 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2006-11-22 09:12 304048 ----a-w- c:\program files\Lexmark 5400 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
2006-11-21 12:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2006-11-22 09:11 291760 ----a-w- c:\program files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-01 18:41 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-21 00:47 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bb,5c,e7,a4,cf,f2,ca,01

R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2007-10-08 892416]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-21 19:30]

2010-05-14 c:\windows\Tasks\User_Feed_Synchronization-{3B5EC866-8A93-4E2E-B6E6-EC2E18C8C982}.job
- c:\windows\system32\msfeedssync.exe [2008-06-17 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {BC1206EB-AE85-4833-901F-16AFF14E1757} = 207.210.47.10,207.210.47.27
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
FF - ProfilePath - c:\users\Hallel\AppData\Roaming\Mozilla\Firefox\Profiles\rdqnamks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 15:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-14 15:22:27
ComboFix-quarantined-files.txt 2010-05-14 19:22

Pre-Run: 79,012,347,904 bytes free
Post-Run: 79,033,819,136 bytes free

- - End Of File - - FCA7060083B45B3DB56C926BA7F64723
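The ComboFix log above contains the file the next post's OTL fix moves: c:\windows\system32\SCardSvry.dll, created 2010-04-27 16:41 with the attribute string --sha-r-. The script below is an added example, not part of this thread and not ComboFix code. It parses lines from the "Files Created" section and flags the two things that make that entry stand out against the others: hidden/system attributes on a file in a system directory, and a PE whose modification time equals its creation time (files installed by Windows Update keep their build-time modification stamp, as the oleacc.dll line shows, so a fresh stamp means the file was written on the spot). The attribute-column layout it assumes (column 0 'd' directory, 2 's' system, 3 'h' hidden, 4 'a' archive, 6 'r'/'w' read-only/writable) is inferred from the log's own entries; the sample input is four lines copied from the log plus its section header, and the "trusted" system directories and PE extensions are this example's own lists.

```python
"""Triage of the "Files Created" section of a ComboFix log.

Added example; not part of the forum thread above and not ComboFix code.
The attribute-string layout (column 0 'd' = directory, 2 's' = system,
3 'h' = hidden, 4 'a' = archive, 6 'r'/'w' = read-only/writable) is
inferred from the entries in the log and is an assumption.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")   # example's own list
PE_EXTS = (".dll", ".exe", ".sys", ".ocx", ".scr", ".cpl")              # example's own list


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]          # None for directories ("--------" in the log)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def in_system_dir(self) -> bool:
        return self.path.lower().startswith(SYSTEM_DIRS)

    @property
    def is_pe(self) -> bool:
        return self.path.lower().endswith(PE_EXTS)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ComboFix file line; return None for headers and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["created"], TIME_FMT),
                 datetime.strptime(m["modified"], TIME_FMT),
                 size, m["attrs"], m["path"])


def reasons_for(e: Entry) -> List[str]:
    """Heuristics; each hit is one reason string, an empty list means 'looks routine'."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    if e.in_system_dir and (e.hidden or e.system):
        # Windows rarely ships its own binaries hidden; droppers set +s +h to keep
        # the file out of Explorer listings.
        reasons.append("hidden/system attribute on a file in a system directory")
    if e.in_system_dir and e.is_pe and e.created == e.modified:
        # Update-installed files keep the build-time modification stamp, so
        # created == modified (to the minute) means the file was written fresh.
        reasons.append("PE in a system directory whose modification time equals its creation time")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; entries with no reasons are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        r = reasons_for(e)
        if r:
            flagged[e.path] = r
    return flagged


# Constructed sample: four lines copied from the log above plus the section header.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.
2010-05-14 01:07 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-14 02:21 . 2010-05-14 02:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-07 16:34 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-27 16:41 . 2010-04-27 16:41 93184 --sha-r- c:\windows\system32\SCardSvry.dll
"""

if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_LOG).items():
        print(path)
        for w in why:
            print("   -", w)
```

On the sample, SCardSvry.dll trips both rules, the zero-byte WDF marker file trips only the hidden-attribute rule (a reminder that a single hit is a prompt to look, not a verdict), and the Avira driver and the Windows Update DLL trip neither.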

#33
hammerman
Member, 4,183 posts
Hi,

Are you being redirected in both Firefox and IE?

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/04/27 12:41:06 | 000,093,184 | RHS- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvry.dll
    [2001/09/18 12:00:00 | 000,031,746 | ---- | C] () -- C:\Windows\System32\2icpin_.dll
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.
-- Step 3 --

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    [screenshot]
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
    [screenshot]
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click the insert icon next to the attachment to insert it into your post

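Step 1 above deletes a ShellExecuteHooks value whose CLSID, {AEB6717E-7E19-11d0-97EE-00C04FD91972}, OTL could not resolve ("Reg Error: Key error. File not found"). ShellExecuteHooks is a long-standing persistence point: each value under it names a COM class that shell32 instantiates when ShellExecute is called, so a hook whose CLSID key does not exist, whose InprocServer32 DLL is missing, or whose DLL lives outside the Windows and Program Files trees is the kind of entry a cleanup removes. The Python below is an added example, not part of this thread and not OTL code: `audit_hooks()` applies those three checks to plain dictionaries so it can be run on constructed data, and `read_live_hooks()` (Windows only, via `winreg`) fills the same dictionaries from the real registry. Apart from the CLSID taken from the OTL output, the CLSIDs and DLL paths in the sample are invented for the demonstration, and the trusted-roots list is this example's own choice rather than a Windows rule.

```python
"""Audit of the ShellExecuteHooks persistence point.

Added example; not part of the thread above and not OTL code.  The audit
logic takes plain dictionaries so it can be exercised on constructed data;
the live reader uses winreg and therefore only runs on Windows (an assumption
of this example).
"""
import os
from typing import Callable, Dict, List, Optional, Tuple

HOOKS_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
# Directories this example treats as normal homes for a shell hook DLL
# (an assumption of the example, not a Windows rule; adjust for your estate).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def audit_hooks(hooks: Dict[str, str],
                inproc: Dict[str, Optional[str]],
                exists: Callable[[str], bool] = os.path.exists) -> List[Tuple[str, str]]:
    r"""Return (clsid, finding) pairs; an empty list means every hook resolved cleanly.

    hooks:  CLSID -> value data from ShellExecuteHooks (the data is normally empty)
    inproc: CLSID -> default value of HKCR\CLSID\<clsid>\InprocServer32, or None
            when the class key does not exist at all
    exists: file-existence check, injectable so the audit runs on constructed data
    """
    findings: List[Tuple[str, str]] = []
    for clsid in hooks:
        dll = inproc.get(clsid)
        if dll is None:
            # Nothing can ever be loaded for this hook, so no installer has a
            # reason to leave it behind; this is the case the OTL fix removed.
            findings.append((clsid, "orphaned hook: CLSID key does not exist"))
            continue
        path = os.path.expandvars(dll).strip('"')
        if not exists(path):
            findings.append((clsid, "InprocServer32 points at a missing file: " + path))
        elif not path.lower().startswith(TRUSTED_ROOTS):
            findings.append((clsid, "InprocServer32 DLL outside the trusted roots: " + path))
    return findings


def read_live_hooks() -> Tuple[Dict[str, str], Dict[str, Optional[str]]]:
    """Windows only: enumerate ShellExecuteHooks and resolve each CLSID's InprocServer32."""
    import winreg  # available only on Windows
    hooks: Dict[str, str] = {}
    inproc: Dict[str, Optional[str]] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, HOOKS_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:          # no more values
                break
            hooks[name] = data
            index += 1
    for clsid in hooks:
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"CLSID\%s\InprocServer32" % clsid) as srv:
                inproc[clsid] = winreg.QueryValueEx(srv, "")[0]   # "" reads the (Default) value
        except OSError:
            inproc[clsid] = None
    return hooks, inproc


# Constructed sample modelled on the OTL output in the thread.  The first CLSID is
# the one the fix above deleted; the other three CLSIDs and every DLL path are invented.
SAMPLE_HOOKS = {
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}": "",
    "{11111111-2222-3333-4444-555555555555}": "",
    "{66666666-7777-8888-9999-000000000000}": "",
    "{77777777-8888-9999-0000-111111111111}": "",
}
SAMPLE_INPROC = {
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}": None,            # class key missing
    "{11111111-2222-3333-4444-555555555555}": r"C:\Users\Public\AppData\Local\temp\hook.dll",
    "{66666666-7777-8888-9999-000000000000}": r"C:\Windows\System32\shell32.dll",
    "{77777777-8888-9999-0000-111111111111}": r"C:\Windows\System32\gone.dll",
}
# Pretend file system for the sample: only these two DLLs exist.
SAMPLE_FILES = {r"c:\users\public\appdata\local\temp\hook.dll", r"c:\windows\system32\shell32.dll"}


def audit_sample() -> List[Tuple[str, str]]:
    """Run the audit over the constructed sample instead of the live registry."""
    return audit_hooks(SAMPLE_HOOKS, SAMPLE_INPROC, exists=lambda p: p.lower() in SAMPLE_FILES)


if __name__ == "__main__":
    for clsid, finding in audit_sample():
        print(clsid, "->", finding)
```

On a live machine, call `audit_hooks(*read_live_hooks())` from an elevated prompt; on 64-bit Windows, run it from a 64-bit Python so HKLM\SOFTWARE is the native view rather than the WOW6432Node one.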

#34
HalYurAznPal
Topic Starter, 38 posts
Logs and more logs,

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\System32\SCardSvry.dll moved successfully.
C:\Windows\System32\2icpin_.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hal

User: Hallel
->Temp folder emptied: 32235 bytes
->Temporary Internet Files folder emptied: 240685 bytes
->Java cache emptied: 13992 bytes
->FireFox cache emptied: 99168007 bytes
->Flash cache emptied: 881 bytes

User: Isaac
->Temp folder emptied: 118811 bytes
->Temporary Internet Files folder emptied: 1345835 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77532497 bytes
->Flash cache emptied: 6095 bytes

User: Mcx1
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rudy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TJ
->Temp folder emptied: 174728 bytes
->Temporary Internet Files folder emptied: 2028888 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71151096 bytes
->Flash cache emptied: 1727 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 551940 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 241.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Hal

User: Hallel
->Flash cache emptied: 0 bytes

User: Isaac
->Flash cache emptied: 0 bytes

User: Mcx1

User: Public

User: Rudy
->Flash cache emptied: 0 bytes

User: TJ
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05162010_203559

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


20:58:06:076 0556 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
20:58:06:076 0556 ================================================================================
20:58:06:076 0556 SystemInfo:

20:58:06:076 0556 OS Version: 6.0.6002 ServicePack: 2.0
20:58:06:076 0556 Product type: Workstation
20:58:06:076 0556 ComputerName: HALLELUJAH
20:58:06:076 0556 UserName: Hallel
20:58:06:076 0556 Windows directory: C:\Windows
20:58:06:076 0556 Processor architecture: Intel x86
20:58:06:076 0556 Number of processors: 2
20:58:06:076 0556 Page size: 0x1000
20:58:06:076 0556 Boot type: Normal boot
20:58:06:076 0556 ================================================================================
20:58:06:076 0556 UnloadDriverW: NtUnloadDriver error 2
20:58:06:076 0556 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:58:06:123 0556 wfopen_ex: Trying to open file C:\Windows\system32\config\system
20:58:06:123 0556 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:58:06:123 0556 wfopen_ex: Trying to KLMD file open
20:58:06:123 0556 wfopen_ex: File opened ok (Flags 2)
20:58:06:154 0556 wfopen_ex: Trying to open file C:\Windows\system32\config\software
20:58:06:154 0556 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:58:06:154 0556 wfopen_ex: Trying to KLMD file open
20:58:06:154 0556 wfopen_ex: File opened ok (Flags 2)
20:58:06:154 0556 Initialize success
20:58:06:154 0556
20:58:06:154 0556 Scanning Services ...
20:58:06:794 0556 Raw services enum returned 434 services
20:58:06:810 0556
20:58:06:810 0556 Scanning Kernel memory ...
20:58:06:810 0556 Devices to scan: 5
20:58:06:810 0556
20:58:06:810 0556 Driver Name: USBSTOR
20:58:06:810 0556 IRP_MJ_CREATE : 88513FC8
20:58:06:810 0556 IRP_MJ_CREATE_NAMED_PIPE : 8263EA22
20:58:06:810 0556 IRP_MJ_CLOSE : 88514040
20:58:06:810 0556 IRP_MJ_READ : 885140B8
20:58:06:810 0556 IRP_MJ_WRITE : 885140B8
20:58:06:810 0556 IRP_MJ_QUERY_INFORMATION : 8263EA22
20:58:06:810 0556 IRP_MJ_SET_INFORMATION : 8263EA22
20:58:06:810 0556 IRP_MJ_QUERY_EA : 8263EA22
20:58:06:810 0556 IRP_MJ_SET_EA : 8263EA22
20:58:06:810 0556 IRP_MJ_FLUSH_BUFFERS : 8263EA22
20:58:06:810 0556 IRP_MJ_QUERY_VOLUME_INFORMATION : 8263EA22
20:58:06:810 0556 IRP_MJ_SET_VOLUME_INFORMATION : 8263EA22
20:58:06:810 0556 IRP_MJ_DIRECTORY_CONTROL : 8263EA22
20:58:06:810 0556 IRP_MJ_FILE_SYSTEM_CONTROL : 8263EA22
20:58:06:810 0556 IRP_MJ_DEVICE_CONTROL : 88513BC4
20:58:06:810 0556 IRP_MJ_INTERNAL_DEVICE_CONTROL : 885077E4
20:58:06:810 0556 IRP_MJ_SHUTDOWN : 8263EA22
20:58:06:810 0556 IRP_MJ_LOCK_CONTROL : 8263EA22
20:58:06:810 0556 IRP_MJ_CLEANUP : 8263EA22
20:58:06:810 0556 IRP_MJ_CREATE_MAILSLOT : 8263EA22
20:58:06:810 0556 IRP_MJ_QUERY_SECURITY : 8263EA22
20:58:06:810 0556 IRP_MJ_SET_SECURITY : 8263EA22
20:58:06:810 0556 IRP_MJ_POWER : 8851259C
20:58:06:810 0556 IRP_MJ_SYSTEM_CONTROL : 8850F7A2
20:58:06:810 0556 IRP_MJ_DEVICE_CHANGE : 8263EA22
20:58:06:810 0556 IRP_MJ_QUERY_QUOTA : 8263EA22
20:58:06:810 0556 IRP_MJ_SET_QUOTA : 8263EA22
20:58:06:856 0556 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:58:06:856 0556
20:58:06:856 0556 Driver Name: USBSTOR
20:58:06:856 0556 IRP_MJ_CREATE : 88513FC8
20:58:06:856 0556 IRP_MJ_CREATE_NAMED_PIPE : 8263EA22
20:58:06:856 0556 IRP_MJ_CLOSE : 88514040
20:58:06:856 0556 IRP_MJ_READ : 885140B8
20:58:06:856 0556 IRP_MJ_WRITE : 885140B8
20:58:06:856 0556 IRP_MJ_QUERY_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_EA : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_EA : 8263EA22
20:58:06:856 0556 IRP_MJ_FLUSH_BUFFERS : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_VOLUME_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_VOLUME_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_DIRECTORY_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_FILE_SYSTEM_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_DEVICE_CONTROL : 88513BC4
20:58:06:856 0556 IRP_MJ_INTERNAL_DEVICE_CONTROL : 885077E4
20:58:06:856 0556 IRP_MJ_SHUTDOWN : 8263EA22
20:58:06:856 0556 IRP_MJ_LOCK_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_CLEANUP : 8263EA22
20:58:06:856 0556 IRP_MJ_CREATE_MAILSLOT : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_SECURITY : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_SECURITY : 8263EA22
20:58:06:856 0556 IRP_MJ_POWER : 8851259C
20:58:06:856 0556 IRP_MJ_SYSTEM_CONTROL : 8850F7A2
20:58:06:856 0556 IRP_MJ_DEVICE_CHANGE : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_QUOTA : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_QUOTA : 8263EA22
20:58:06:856 0556 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:58:06:856 0556
20:58:06:856 0556 Driver Name: USBSTOR
20:58:06:856 0556 IRP_MJ_CREATE : 88513FC8
20:58:06:856 0556 IRP_MJ_CREATE_NAMED_PIPE : 8263EA22
20:58:06:856 0556 IRP_MJ_CLOSE : 88514040
20:58:06:856 0556 IRP_MJ_READ : 885140B8
20:58:06:856 0556 IRP_MJ_WRITE : 885140B8
20:58:06:856 0556 IRP_MJ_QUERY_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_EA : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_EA : 8263EA22
20:58:06:856 0556 IRP_MJ_FLUSH_BUFFERS : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_VOLUME_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_VOLUME_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_DIRECTORY_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_FILE_SYSTEM_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_DEVICE_CONTROL : 88513BC4
20:58:06:856 0556 IRP_MJ_INTERNAL_DEVICE_CONTROL : 885077E4
20:58:06:856 0556 IRP_MJ_SHUTDOWN : 8263EA22
20:58:06:856 0556 IRP_MJ_LOCK_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_CLEANUP : 8263EA22
20:58:06:856 0556 IRP_MJ_CREATE_MAILSLOT : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_SECURITY : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_SECURITY : 8263EA22
20:58:06:856 0556 IRP_MJ_POWER : 8851259C
20:58:06:856 0556 IRP_MJ_SYSTEM_CONTROL : 8850F7A2
20:58:06:856 0556 IRP_MJ_DEVICE_CHANGE : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_QUOTA : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_QUOTA : 8263EA22
20:58:06:856 0556 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:58:06:856 0556
20:58:06:856 0556 Driver Name: USBSTOR
20:58:06:856 0556 IRP_MJ_CREATE : 88513FC8
20:58:06:856 0556 IRP_MJ_CREATE_NAMED_PIPE : 8263EA22
20:58:06:856 0556 IRP_MJ_CLOSE : 88514040
20:58:06:856 0556 IRP_MJ_READ : 885140B8
20:58:06:856 0556 IRP_MJ_WRITE : 885140B8
20:58:06:856 0556 IRP_MJ_QUERY_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_EA : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_EA : 8263EA22
20:58:06:856 0556 IRP_MJ_FLUSH_BUFFERS : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_VOLUME_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_VOLUME_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_DIRECTORY_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_FILE_SYSTEM_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_DEVICE_CONTROL : 88513BC4
20:58:06:856 0556 IRP_MJ_INTERNAL_DEVICE_CONTROL : 885077E4
20:58:06:856 0556 IRP_MJ_SHUTDOWN : 8263EA22
20:58:06:856 0556 IRP_MJ_LOCK_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_CLEANUP : 8263EA22
20:58:06:856 0556 IRP_MJ_CREATE_MAILSLOT : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_SECURITY : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_SECURITY : 8263EA22
20:58:06:856 0556 IRP_MJ_POWER : 8851259C
20:58:06:856 0556 IRP_MJ_SYSTEM_CONTROL : 8850F7A2
20:58:06:856 0556 IRP_MJ_DEVICE_CHANGE : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_QUOTA : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_QUOTA : 8263EA22
20:58:06:856 0556 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:58:06:856 0556
20:58:06:856 0556 Driver Name: iaStor
20:58:06:856 0556 IRP_MJ_CREATE : 8300C0B8
20:58:06:856 0556 IRP_MJ_CREATE_NAMED_PIPE : 8263EA22
20:58:06:856 0556 IRP_MJ_CLOSE : 8300C0B8
20:58:06:856 0556 IRP_MJ_READ : 8263EA22
20:58:06:856 0556 IRP_MJ_WRITE : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_EA : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_EA : 8263EA22
20:58:06:856 0556 IRP_MJ_FLUSH_BUFFERS : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_VOLUME_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_VOLUME_INFORMATION : 8263EA22
20:58:06:856 0556 IRP_MJ_DIRECTORY_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_FILE_SYSTEM_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_DEVICE_CONTROL : 8300FEBE
20:58:06:856 0556 IRP_MJ_INTERNAL_DEVICE_CONTROL : 83010186
20:58:06:856 0556 IRP_MJ_SHUTDOWN : 8263EA22
20:58:06:856 0556 IRP_MJ_LOCK_CONTROL : 8263EA22
20:58:06:856 0556 IRP_MJ_CLEANUP : 8263EA22
20:58:06:856 0556 IRP_MJ_CREATE_MAILSLOT : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_SECURITY : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_SECURITY : 8263EA22
20:58:06:856 0556 IRP_MJ_POWER : 83014B64
20:58:06:856 0556 IRP_MJ_SYSTEM_CONTROL : 83014CC4
20:58:06:856 0556 IRP_MJ_DEVICE_CHANGE : 8263EA22
20:58:06:856 0556 IRP_MJ_QUERY_QUOTA : 8263EA22
20:58:06:856 0556 IRP_MJ_SET_QUOTA : 8263EA22
20:58:06:872 0556 C:\Windows\system32\drivers\iastor.sys - Verdict: 1
20:58:06:872 0556
20:58:06:872 0556 Completed
20:58:06:872 0556
20:58:06:872 0556 Results:
20:58:06:872 0556 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:06:872 0556 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:06:872 0556 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:06:872 0556
20:58:06:872 0556 fclose_ex: Trying to close file C:\Windows\system32\config\system
20:58:06:872 0556 fclose_ex: Trying to close file C:\Windows\system32\config\software
20:58:06:872 0556 KLMD(ARK) unloaded successfully

#35 hammerman (Member 4k, 4,183 posts)

Hi,

More logs, I'm afraid.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *onazahuyuruwokuq*
    *escowmraxn*
    *geurge*
    *nwcmsroxea*
    *pragma*
    :folderfind
    *pragma*
    :regfind
    pragma
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

If this turns out to be a large file, you may attach it.

The scan may take a while so be patient.

Edited by hammerman, 17 May 2010 - 03:23 PM.

#36 HalYurAznPal (Topic Starter, Member, 38 posts)

Here it is,

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:31 on 18/05/2010 by Hallel (Administrator - Elevation successful)

========== filefind ==========

Searching for "*onazahuyuruwokuq*"
No files found.

Searching for "*escowmraxn*"
No files found.

Searching for "*geurge*"
No files found.

Searching for "*nwcmsroxea*"
No files found.

Searching for "*pragma*"
No files found.

========== folderfind ==========

Searching for "*pragma*"
No folders found.

========== regfind ==========

Searching for "pragma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B52DED6-92F3-3B4F-851C-AB1F647582A3}]
@="_CodeLinePragma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7EB20114-E822-358C-BDAB-DCF9E5090F23}]
@="_CodeChecksumPragma"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMASSNXPSYAEP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRAGMASSNXPSYAEP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMASSNXPSYAEP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"

-=End Of File=-
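A small triage parser for the SystemLook output above, added here as an example and not part of the thread or of SystemLook itself: it reads the filefind, folderfind and regfind sections, collapses the repeated Enum\Root\LEGACY_* hits, and reports a service that the registry still enumerates while no file or folder matched a search pattern covering its name, which is the mismatch a helper looks for before naming a driver in a removal script. The sample log is an abridged copy of the post above; the section-banner and "No files found." line formats are taken from that post, and the status labels are this example's own.

```python
import re
from fnmatch import fnmatch

# Constructed sample: an abridged copy of the SystemLook log posted above.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (11.01.10)
========== filefind ==========
Searching for "*pragma*"
No files found.
========== folderfind ==========
Searching for "*pragma*"
No folders found.
========== regfind ==========
Searching for "pragma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B52DED6-92F3-3B4F-851C-AB1F647582A3}]
@="_CodeLinePragma"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMASSNXPSYAEP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMASSNXPSYAEP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMASSNXPSYAEP\0000]
"Service"="PRAGMAssnxpsyaep"
-=End Of File=-
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)="(.*)"$')
LEGACY_RE = re.compile(r"\\Enum\\Root\\LEGACY_", re.IGNORECASE)


def parse_systemlook(text):
    """Return {section: {term: hits}}: hits is a list of matching lines for
    filefind/folderfind and {key: {value_name: data}} for regfind."""
    sections, section, term, key = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-=End Of File=-" or line.startswith("No "):
            continue  # blanks, trailer, and "No files/folders found."
        if m := SECTION_RE.match(line):
            section, term = m.group(1), None
            sections[section] = {}
        elif (m := SEARCH_RE.match(line)) and section:
            term, key = m.group(1), None
            sections[section][term] = {} if section == "regfind" else []
        elif term is None:
            continue  # banner lines before the first search
        elif section != "regfind":
            sections[section][term].append(line)
        elif m := KEY_RE.match(line):
            key = m.group(1)
            sections[section][term].setdefault(key, {})  # repeats collapse
        elif key and (m := VALUE_RE.match(line)):
            sections[section][term][key][m.group(1) or "@"] = m.group(2)
    return sections


def legacy_services(sections):
    """Map each service named by a LEGACY_* device key to the distinct
    registry keys referencing it (SystemLook prints the same key once per
    matching value, so this also deduplicates the log)."""
    found = {}
    for hits in sections.get("regfind", {}).values():
        for key, values in hits.items():
            if LEGACY_RE.search(key) and "Service" in values:
                found.setdefault(values["Service"], set()).add(key)
    return found


def triage(sections):
    """Classify each legacy service. 'orphan': a filefind/folderfind pattern
    covering the name ran and matched nothing, so the registry points at a
    driver with no visible file; 'on-disk': a hit contains the name;
    'not-searched': no pattern covered it, so the log proves nothing."""
    report = {}
    for service, keys in legacy_services(sections).items():
        name = service.lower()
        covered = on_disk = False
        for sec in ("filefind", "folderfind"):
            for term, hits in sections.get(sec, {}).items():
                if fnmatch(name, term.lower()):
                    covered = True
                    on_disk |= any(name in h.lower() for h in hits)
        status = "on-disk" if on_disk else "orphan" if covered else "not-searched"
        report[service] = {"status": status, "keys": sorted(keys)}
    return report


if __name__ == "__main__":
    for service, info in triage(parse_systemlook(SAMPLE_LOG)).items():
        print(f"{service}: {info['status']}")
        for key in info["keys"]:
            print("   ", key)
```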

#37 hammerman (Member 4k, 4,183 posts)

Hi,

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::

Folder::

Registry::

Driver::
PRAGMAssnxpsyaep


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
#38 HalYurAznPal (Topic Starter, Member, 38 posts)

Combofix log

ComboFix 10-05-19.02 - Hallel 19/05/2010 23:01:25.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.1302 [GMT -4:00]
Running from: c:\users\Hallel\Desktop\ComboFix.exe
Command switches used :: c:\users\Hallel\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMASSNXPSYAEP


((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-20 03:08 . 2010-05-20 03:13 -------- d-----w- c:\users\Hallel\AppData\Local\temp
2010-05-20 03:08 . 2010-05-20 03:08 -------- d-----w- c:\users\TJ\AppData\Local\temp
2010-05-20 03:08 . 2010-05-20 03:08 -------- d-----w- c:\users\Rudy\AppData\Local\temp
2010-05-20 03:08 . 2010-05-20 03:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-20 03:08 . 2010-05-20 03:08 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-05-20 03:08 . 2010-05-20 03:08 -------- d-----w- c:\users\Isaac\AppData\Local\temp
2010-05-20 03:08 . 2010-05-20 03:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-17 20:46 . 2010-05-17 20:46 -------- d-----w- c:\users\TJ\AppData\Roaming\skypePM
2010-05-17 20:41 . 2010-05-17 21:29 -------- d-----w- c:\users\TJ\AppData\Roaming\Skype
2010-05-17 20:40 . 2010-05-17 20:40 -------- d-----r- c:\program files\Skype
2010-05-17 20:40 . 2010-05-17 20:40 -------- d-----w- c:\programdata\Skype
2010-05-17 04:28 . 2010-05-17 04:28 -------- d-----w- c:\users\Hallel\AppData\Roaming\Apple Computer
2010-05-17 04:28 . 2010-05-17 04:28 -------- d-----w- c:\users\Hallel\AppData\Local\Apple Computer
2010-05-17 00:35 . 2010-05-17 00:35 -------- d-----w- C:\_OTL
2010-05-14 02:33 . 2010-05-14 02:33 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-14 01:07 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-14 01:07 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-14 01:07 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-14 00:07 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-14 00:07 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-14 00:07 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-13 18:59 . 2010-05-13 19:00 -------- d-----w- c:\windows\system32\ca-ES
2010-05-13 18:59 . 2010-05-13 19:00 -------- d-----w- c:\windows\system32\eu-ES
2010-05-13 18:59 . 2010-05-13 19:00 -------- d-----w- c:\windows\system32\vi-VN
2010-05-12 22:46 . 2010-05-12 22:56 -------- d-----w- c:\windows\maxdriver
2010-05-12 16:35 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 01:14 . 2010-05-13 13:44 680 ----a-w- c:\users\Hallel\AppData\Local\d3d9caps.dat
2010-05-11 03:43 . 2010-05-11 03:43 -------- d-----w- c:\windows\system32\EventProviders
2010-05-09 22:59 . 2010-05-09 22:59 -------- d-----w- c:\users\Hallel\AppData\Local\Apple
2010-05-09 01:05 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-07 17:06 . 2010-05-07 17:06 -------- d-----w- c:\program files\Common Files\Java
2010-05-07 17:06 . 2010-05-07 17:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-07 16:34 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-07 16:34 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-07 16:34 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-07 16:34 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-07 16:34 . 2010-05-07 16:34 -------- d-----w- c:\programdata\Avira
2010-05-07 16:34 . 2010-05-07 16:34 -------- d-----w- c:\program files\Avira
2010-05-07 16:25 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-07 16:25 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-06 19:53 . 2010-05-07 02:08 -------- d-----w- C:\Combo-Fix23342C
2010-05-06 17:35 . 2010-05-06 17:43 -------- d-----w- C:\Combo-Fix
2010-05-05 20:35 . 2010-05-05 20:35 -------- d-----w- c:\users\TJ\AppData\Local\Skype
2010-05-02 14:47 . 2010-05-02 14:47 -------- d-----w- c:\program files\CONEXANT
2010-04-30 05:49 . 2010-05-20 02:47 -------- d-----w- c:\users\Hallel\Tracing
2010-04-30 05:42 . 2010-05-18 07:24 -------- d-----w- c:\users\Hallel\AppData\Roaming\vlc
2010-04-30 04:49 . 2010-04-30 04:49 77928 ----a-w- c:\users\Hallel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-30 04:13 . 2010-04-30 04:13 -------- d-----w- c:\users\Hallel\AppData\Local\Google
2010-04-30 04:13 . 2010-04-30 04:13 0 ----a-w- c:\windows\nsreg.dat
2010-04-30 04:13 . 2010-04-30 04:13 -------- d-----w- c:\users\Hallel\AppData\Local\Mozilla
2010-04-30 04:10 . 2010-04-30 04:11 -------- d-----w- c:\users\Hallel\AppData\Roaming\Malwarebytes
2010-04-29 02:56 . 2010-04-29 02:57 -------- d-----w- c:\users\Rudy\AppData\Local\MigWiz
2010-04-28 21:39 . 2010-04-28 21:39 -------- d-----w- c:\users\Isaac\AppData\Roaming\Malwarebytes
2010-04-28 21:37 . 2010-04-28 21:37 -------- d-----w- c:\users\TJ\AppData\Roaming\Malwarebytes
2010-04-28 21:12 . 2010-04-28 21:12 -------- d-----w- c:\programdata\Alwil Software
2010-04-27 22:17 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 22:17 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 19:37 . 2010-04-27 19:37 -------- d-----w- c:\users\Rudy\AppData\Roaming\Malwarebytes
2010-04-27 19:37 . 2010-04-27 19:37 -------- d-----w- c:\programdata\Malwarebytes
2010-04-27 19:37 . 2010-05-06 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 04:48 . 2007-08-21 00:47 -------- d-----w- c:\programdata\Google Updater
2010-05-18 07:24 . 2008-03-04 02:29 -------- d-----w- c:\programdata\FLEXnet
2010-05-17 20:46 . 2010-05-17 20:46 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-14 02:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-14 02:21 . 2010-05-14 02:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-14 02:20 . 2010-05-14 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-13 19:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-13 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-13 12:18 . 2007-07-27 00:43 77928 ----a-w- c:\users\TJ\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-12 23:01 . 2007-07-25 05:22 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 21:11 . 2007-08-17 15:42 77928 ----a-w- c:\users\Isaac\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-07 17:01 . 2007-12-22 03:20 -------- d-----w- c:\program files\Java
2010-05-06 14:36 . 2010-02-13 05:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-30 05:00 . 2008-03-04 02:25 -------- d-----w- c:\program files\Bonjour
2010-04-30 04:59 . 2007-11-22 23:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-30 04:56 . 2007-01-04 19:15 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-29 02:53 . 2009-02-11 16:27 -------- d-----w- c:\programdata\Norton
2010-04-29 02:51 . 2007-01-04 19:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-03 03:56 . 2010-04-03 03:26 41 ----a-w- c:\users\TJ\jagex_runescape_preferences.dat
2010-04-03 03:54 . 2010-04-03 03:27 69 ----a-w- c:\users\TJ\jagex_runescape_preferences2.dat
2010-04-03 03:27 . 2010-04-03 03:27 0 ----a-w- c:\users\TJ\jagex__preferences3.dat
2010-03-26 14:33 . 2010-04-30 04:05 1496064 ----a-w- c:\users\Rudy\AppData\Roaming\Mozilla\Firefox\Profiles\on8y9j6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-04-30 04:05 43008 ----a-w- c:\users\Rudy\AppData\Roaming\Mozilla\Firefox\Profiles\on8y9j6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-04-30 04:05 339456 ----a-w- c:\users\Rudy\AppData\Roaming\Mozilla\Firefox\Profiles\on8y9j6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-04-30 04:05 346112 ----a-w- c:\users\Rudy\AppData\Roaming\Mozilla\Firefox\Profiles\on8y9j6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-26 03:17 . 2007-01-04 19:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-26 03:16 . 2007-01-04 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 21:27 . 2008-10-19 02:00 -------- d-----w- c:\program files\uTorrent
2010-03-20 16:30 . 2007-07-25 04:42 77928 ----a-w- c:\users\Rudy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-15 03:02 . 2010-03-15 03:02 36864 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-15 03:02 . 2010-03-15 03:02 3351812 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-15 03:02 . 2010-03-15 03:02 3203453 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-15 03:02 . 2010-03-15 03:03 34642680 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_en.exe
2010-03-09 16:25 . 2010-03-30 18:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-30 18:45 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-04 17:33 . 2010-04-14 02:26 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 11:10 . 2010-04-14 02:26 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 02:26 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 02:26 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 23:06 . 2010-03-11 22:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 22:29 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 22:29 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-02-11 21:51 . 2009-02-11 21:51 212991 ----a-w- c:\program files\Adobe After Effects CS4 ????.pdf
2009-02-11 21:51 . 2009-02-11 21:51 143872 ----a-w- c:\program files\Adobe After Effects CS4 ???????.pdf
2008-08-28 18:09 . 2009-02-11 21:51 85534 ----a-w- c:\program files\Leggimi di Adobe After Effects CS4.pdf
2008-08-28 18:09 . 2009-02-11 21:51 54092 ----a-w- c:\program files\Léame de Adobe After Effects CS4.pdf
2008-08-28 18:09 . 2009-02-11 21:51 80920 ----a-w- c:\program files\Adobe After Effects CS4 — Lisez-moi.pdf
2008-08-28 18:09 . 2009-02-11 21:51 80508 ----a-w- c:\program files\Adobe After Effects CS4 - Bitte lesen.pdf
2008-08-25 02:59 . 2009-02-11 21:51 63669 ----a-w- c:\program files\Adobe After Effects CS4 Read Me.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-11-22 09:11 82864 ----a-w- c:\program files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-01 18:41 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2006-11-16 22:59 1480296 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\hpadvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-04-19 23:11 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-01 18:41 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2006-11-22 09:12 304048 ----a-w- c:\program files\Lexmark 5400 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
2006-11-21 12:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2006-11-22 09:11 291760 ----a-w- c:\program files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-01 18:41 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-21 00:47 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bb,5c,e7,a4,cf,f2,ca,01

R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2007-10-08 892416]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-21 19:30]

2010-05-19 c:\windows\Tasks\User_Feed_Synchronization-{3B5EC866-8A93-4E2E-B6E6-EC2E18C8C982}.job
- c:\windows\system32\msfeedssync.exe [2008-06-17 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {BC1206EB-AE85-4833-901F-16AFF14E1757} = 207.210.47.10,207.210.47.27
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
FF - ProfilePath - c:\users\Hallel\AppData\Roaming\Mozilla\Firefox\Profiles\rdqnamks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 23:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxctcoms.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
.
**************************************************************************
.
Completion time: 2010-05-19 23:19:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-20 03:19
ComboFix2.txt 2010-05-14 19:22

Pre-Run: 66,634,792,960 bytes free
Post-Run: 66,383,626,240 bytes free

- - End Of File - - D9150FCE4503B05403469AF4EA458FA0
  • 0

#39
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Are you still being redirected? If you are, does this happen in both Firefox and IE?
  • 0

#40
HalYurAznPal

HalYurAznPal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Both browsers don't seem to be redirecting anymore.
  • 0

#41
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Let's check for any remnants.

Please follow these steps.

-- Step 1 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 2 --

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#42
HalYurAznPal

HalYurAznPal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here are the logs, sorry for the long reply.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4122

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20/05/2010 11:43:39 PM
mbam-log-2010-05-20 (23-43-39).txt

Scan type: Quick scan
Objects scanned: 148347
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is all the ESET log says, but the scan says nothing found/removed.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
  • 0

#43
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

How's your computer running?

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
  • 0
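The OTL report hammerman asks for here is a plain-text listing of autostart and browser hook points (O1 hosts entries, O2 BHOs, O4 Run keys, O17 DNS servers, O18 protocol handlers, O20 Winlogon values) that a helper reads line by line. As an added example, not part of this thread and not code from OTL or its author, the following Python script applies a few of the checks a helper makes by eye to constructed lines in that format. The entries are modelled on the OTL log posted later in this thread; the 203.0.113.5 hosts line and the Temp-folder Run entry are invented to show what gets flagged, and the flags are prompts for a second look, not verdicts.

```python
import re
from typing import Dict, List

# Constructed sample in OTL report format (modelled on the OTL log posted in
# this thread). The 203.0.113.5 hosts line and the Temp-folder Run entry are
# constructed examples of things worth a second look, not real findings.
SAMPLE_OTL = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.5 www.example.com
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\\Program Files\\Lexmark Toolbar\\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
O4 - HKCU..\\Run: [updater] C:\\Users\\Hallel\\AppData\\Local\\Temp\\updater.exe ()
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 207.210.47.10 207.210.47.42 207.210.47.43
O18 - Protocol\\Handler\\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\\Program Files\\QuickTax 2007\\ic2007pp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
"""

LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# OTL ends most entries with the target's publisher in parentheses; "()" or
# "( )" means the file carried no company/version information at all.
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")


def triage_otl(report: str) -> Dict[str, List[str]]:
    """Map each OTL line that deserves a manual look to the reasons why."""
    findings: Dict[str, List[str]] = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" ", 1)[0]
        reasons: List[str] = []

        if tag == "O1" and "Hosts:" in line:
            # Anything beyond the loopback names is a local override of DNS.
            ip, _, name = line.split("Hosts:", 1)[1].strip().partition(" ")
            if name.lower() not in LOOPBACK_NAMES or not ip.startswith(("127.", "::1")):
                reasons.append("hosts entry overrides name resolution")
        elif "File not found" in line or "No CLSID value found" in line:
            # Leftover registration whose target is gone: harmless, but worth cleaning up.
            reasons.append("orphaned entry, target missing")
        elif tag == "O17" and "DhcpNameServer" in line:
            # DNS servers are neither good nor bad on their own; list them so the
            # machine's owner can confirm they belong to the ISP.
            servers = line.split("=", 1)[1].split()
            reasons.append("DNS servers to confirm with the ISP: " + " ".join(servers))
        else:
            pub = PUBLISHER_RE.search(line)
            if pub is not None and not pub.group(1).strip():
                reasons.append("no publisher information on target binary")
            if tag == "O4" and TEMP_DIR_RE.search(line):
                reasons.append("autostart runs from a temporary folder")
            if tag == "O20" and "Shell" in line:
                body = line[:pub.start()] if pub else line
                if not body.rstrip().lower().endswith("\\windows\\explorer.exe"):
                    reasons.append("Winlogon shell is not explorer.exe")

        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage_otl(SAMPLE_OTL).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run against the sample, the script leaves the Avira Run key, the localhost hosts line and the stock Winlogon shell alone and reports the other six entries; the Lexmark BHO is reported only because its DLL carries no publisher field, which matches how the helpers in this thread treat "( )" entries: a reason to check the file, not proof of anything.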

#44
HalYurAznPal

HalYurAznPal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
My computer seems to be running fine now, no more problems.

Here is the log:

OTL logfile created on: 24/05/2010 10:15:22 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Hallel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.81 Gb Total Space | 54.28 Gb Free Space | 18.60% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALLELUJAH
Current User Name: Hallel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Hallel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\lxctcoms.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\Hallel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (A5AGU) -- C:\Windows\System32\drivers\agux86.sys (D-Link Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys ()
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (OVT511Plus) -- C:\Windows\System32\drivers\omcamvid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 01:25:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/07 13:06:26 | 000,000,000 | ---D | M]

[2010/04/30 01:26:01 | 000,000,000 | ---D | M] -- C:\Users\Hallel\AppData\Roaming\mozilla\Extensions
[2010/05/24 22:13:35 | 000,000,000 | ---D | M] -- C:\Users\Hallel\AppData\Roaming\mozilla\Firefox\Profiles\rdqnamks.default\extensions
[2010/05/18 21:26:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hallel\AppData\Roaming\mozilla\Firefox\Profiles\rdqnamks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/17 16:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/22 19:20:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/07 13:06:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/07 13:06:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

O1 HOSTS File: ([2010/05/19 23:12:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.210.47.10 207.210.47.42 207.210.47.43
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/04 15:16:02 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/23 20:52:37 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\DivX
[2010/05/23 12:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/22 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/22 15:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta
[2010/05/22 15:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2010/05/22 14:16:05 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\Windows\System32\Wnaspint.dll
[2010/05/22 14:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2010/05/22 14:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Acoustica
[2010/05/19 23:20:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/19 23:20:00 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\temp
[2010/05/19 23:19:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/19 22:56:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/17 16:40:22 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/17 16:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/05/17 00:28:13 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Apple Computer
[2010/05/17 00:28:13 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Apple Computer
[2010/05/16 21:02:55 | 000,000,000 | ---D | C] -- C:\Users\Hallel\Desktop\avz4
[2010/05/16 20:56:42 | 000,000,000 | ---D | C] -- C:\Users\Hallel\Desktop\tdsskiller
[2010/05/16 20:35:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/14 15:09:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/14 15:09:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/14 15:09:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/14 15:09:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/13 22:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/13 14:59:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/13 14:59:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/13 14:59:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/12 18:46:07 | 000,000,000 | ---D | C] -- C:\Windows\maxdriver
[2010/05/12 14:51:54 | 000,000,000 | ---D | C] -- C:\Users\Hallel\Desktop\FileLister
[2010/05/12 14:40:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Hallel\Desktop\OTL.exe
[2010/05/10 23:43:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/05/09 18:59:22 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Apple
[2010/05/07 13:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/07 13:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/07 12:34:13 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/05/07 12:34:13 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/05/07 12:34:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/05/07 12:34:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/05/07 12:34:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/05/07 12:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/07 12:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/05/06 15:53:02 | 000,000,000 | ---D | C] -- C:\Combo-Fix23342C
[2010/05/06 13:35:33 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/05/02 10:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/04/30 01:49:24 | 000,000,000 | ---D | C] -- C:\Users\Hal\Tracing
[2010/04/30 01:42:07 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\vlc
[2010/04/30 01:25:57 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Mozilla
[2010/04/30 00:15:27 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Macromedia
[2010/04/30 00:15:27 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Adobe
[2010/04/30 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Google
[2010/04/30 00:13:08 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Mozilla
[2010/04/30 00:10:55 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Malwarebytes
[2010/04/30 00:10:32 | 000,000,000 | R--D | C] -- C:\Users\Hal\Searches
[2010/04/30 00:10:15 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Identities
[2010/04/30 00:10:09 | 000,000,000 | R--D | C] -- C:\Users\Hal\Contacts
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\Temporary Internet Files
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Templates
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Start Menu
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\SendTo
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Recent
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\PrintHood
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\NetHood
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Videos
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Pictures
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Music
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\My Documents
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Local Settings
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\History
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Cookies
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\Application Data
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Application Data
[2010/04/30 00:09:40 | 000,000,000 | --SD | C] -- C:\Users\Hallel\AppData\Roaming\Microsoft
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Saved Games
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Pictures
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Links
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Favorites
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Downloads
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Documents
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Desktop
[2010/04/30 00:09:40 | 000,000,000 | -H-D | C] -- C:\Users\Hal\AppData
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Microsoft Help
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Microsoft
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Media Center Programs
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Adobe
[2010/04/28 17:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/28 12:37:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/27 18:17:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/27 18:17:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 15:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/27 15:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 23:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010/03/14 23:04:01 | 000,091,136 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010/03/14 23:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/03/14 23:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/02/25 00:01:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2007/08/06 16:16:18 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2007/08/06 16:16:16 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2007/08/06 16:16:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2007/08/06 16:16:15 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2007/08/06 16:16:15 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2007/08/06 16:16:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2007/08/06 16:16:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2007/08/06 16:16:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2007/08/06 16:16:13 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2007/08/06 16:16:12 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2007/08/06 16:16:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2007/08/06 16:16:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/24 22:15:20 | 001,835,008 | -HS- | M] () -- C:\Users\Hallel\ntuser.dat
[2010/05/24 22:04:12 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/24 22:04:12 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/24 22:04:12 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/24 22:01:52 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/24 22:01:46 | 000,524,288 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/24 22:01:46 | 000,065,536 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/24 21:59:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 21:59:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 21:59:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/24 21:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/24 21:59:03 | 2135,429,120 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 12:15:10 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B5EC866-8A93-4E2E-B6E6-EC2E18C8C982}.job
[2010/05/23 21:46:29 | 001,672,321 | -H-- | M] () -- C:\Users\Hallel\AppData\Local\IconCache.db
[2010/05/23 20:53:59 | 000,016,896 | ---- | M] () -- C:\Users\Hallel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 13:17:08 | 000,005,216 | ---- | M] () -- C:\Users\Hallel\AppData\Local\d3d9caps.dat
[2010/05/20 12:33:57 | 000,077,928 | ---- | M] () -- C:\Users\Hallel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/19 23:12:50 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/19 23:12:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/19 22:56:07 | 003,692,000 | R--- | M] () -- C:\Users\Hallel\Desktop\ComboFix.exe
[2010/05/18 21:27:25 | 000,100,908 | ---- | M] () -- C:\Users\Hallel\Desktop\SystemLook.exe
[2010/05/17 16:46:36 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/05/13 22:21:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/13 22:20:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/13 15:05:58 | 002,431,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/12 19:03:22 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/05/12 18:45:23 | 001,138,992 | ---- | M] () -- C:\Users\Hallel\Desktop\maxlook.exe
[2010/05/12 14:51:21 | 000,020,359 | ---- | M] () -- C:\Users\Hallel\Desktop\FileLister.zip
[2010/05/12 14:40:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Hallel\Desktop\OTL.exe
[2010/05/07 23:20:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/07 23:13:43 | 000,001,722 | ---- | M] () -- C:\Users\Hallel\Desktop\Windows Live Messenger.lnk
[2010/05/07 12:34:17 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/07 11:27:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/06 12:49:51 | 181,043,218 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/30 01:25:52 | 000,001,750 | ---- | M] () -- C:\Users\Hallel\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:43:39 | 000,000,340 | ---- | M] () -- C:\Users\Hallel\Desktop\Hal's Stuff.lnk
[2010/04/30 00:20:36 | 000,524,288 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 00:13:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/30 00:09:42 | 000,000,020 | -HS- | M] () -- C:\Users\Hallel\ntuser.ini
[2010/04/29 23:59:36 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 18:17:51 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 15:07:58 | 000,000,318 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/14 23:17:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 21:27:25 | 000,100,908 | ---- | C] () -- C:\Users\Hallel\Desktop\SystemLook.exe
[2010/05/17 16:46:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/14 15:09:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/14 15:09:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/14 15:09:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/14 15:09:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/14 15:09:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/14 15:08:22 | 003,692,000 | R--- | C] () -- C:\Users\Hallel\Desktop\ComboFix.exe
[2010/05/13 22:21:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/13 22:20:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/12 18:45:22 | 001,138,992 | ---- | C] () -- C:\Users\Hallel\Desktop\maxlook.exe
[2010/05/12 14:51:21 | 000,020,359 | ---- | C] () -- C:\Users\Hallel\Desktop\FileLister.zip
[2010/05/11 21:14:18 | 000,005,216 | ---- | C] () -- C:\Users\Hallel\AppData\Local\d3d9caps.dat
[2010/05/07 23:21:45 | 2135,429,120 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/07 12:34:17 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/30 01:49:11 | 000,001,722 | ---- | C] () -- C:\Users\Hallel\Desktop\Windows Live Messenger.lnk
[2010/04/30 01:25:52 | 000,001,750 | ---- | C] () -- C:\Users\Hallel\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:48:53 | 000,016,896 | ---- | C] () -- C:\Users\Hallel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 00:43:39 | 000,000,340 | ---- | C] () -- C:\Users\Hallel\Desktop\Hal's Stuff.lnk
[2010/04/30 00:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/30 00:09:42 | 000,524,288 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 00:09:42 | 000,524,288 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 00:09:42 | 000,262,144 | -H-- | C] () -- C:\Users\Hal\ntuser.dat.LOG1
[2010/04/30 00:09:42 | 000,065,536 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/30 00:09:42 | 000,000,020 | -HS- | C] () -- C:\Users\Hal\ntuser.ini
[2010/04/30 00:09:42 | 000,000,000 | -H-- | C] () -- C:\Users\Hal\ntuser.dat.LOG2
[2010/04/30 00:09:40 | 001,835,008 | -HS- | C] () -- C:\Users\Hal\ntuser.dat
[2010/04/27 18:17:51 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 13:37:43 | 000,000,318 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/14 23:17:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009/10/20 16:44:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/27 15:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/08/27 15:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/08/27 15:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 13:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 12:56:56 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/25 12:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/06/02 13:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/06/02 13:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/06/02 13:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/06/02 13:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/06/02 13:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/06/02 13:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/06/02 13:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/16 08:47:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/03/25 09:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/06 16:21:28 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2007/08/06 16:18:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2007/08/06 16:18:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2007/08/06 16:16:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2007/08/06 16:16:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2007/08/06 12:57:31 | 000,013,396 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/03/06 14:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/01/04 15:06:02 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/01/04 15:06:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/01/04 14:59:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 13:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006/08/08 11:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006/05/03 10:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006/04/24 23:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
[2001/09/18 12:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bmpproc.dll

========== LOP Check ==========

[2010/05/24 16:33:46 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/24 12:15:10 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B5EC866-8A93-4E2E-B6E6-EC2E18C8C982}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/02/11 17:51:05 | 000,212,991 | ---- | M] ()(C:\Program Files\Adobe After Effects CS4 ????.pdf) -- C:\Program Files\Adobe After Effects CS4 읽어보기.pdf
[2009/02/11 17:51:05 | 000,143,872 | ---- | M] ()(C:\Program Files\Adobe After Effects CS4 ???????.pdf) -- C:\Program Files\Adobe After Effects CS4 お読みください.pdf
< End of report >

#45
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
-- Step 3 --

Go Start>Run ("Start Search" in Vista/7), type in:

maxlook -cleanup followed by ENTER

You may now delete maxlook.exe

-- Step 4 --

Delete the FileLister and AVZ folders and any logs produced.



Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
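As an added example, not part of hammerman's post and not code from MVPS or any tool named in this thread, the Python script below audits a Windows HOSTS file of the kind the MVPS list replaces. It separates the ordinary localhost entries from block entries (a hostname pointed at 0.0.0.0 or a loopback address, which is how the MVPS list keeps the machine from reaching ad sites) and from redirect entries (a hostname pointed at any other address), which a clean HOSTS file should not contain and which are worth reviewing. The sample HOSTS content is constructed, using reserved example names and addresses; the one malformed line is there only to show how bad input is reported.

```python
"""Audit a Windows HOSTS file: normal, block, redirect and malformed entries."""
import ipaddress
import sys

# Constructed sample: a stock Vista-style header, two MVPS-style block
# entries, one redirect of a hypothetical vendor update host, and one
# malformed line. None of these names or addresses is real.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ad.example-adserver.test
0.0.0.0 tracker.example-analytics.test   # MVPS-style block entries
198.51.100.23   update.example-antivirus.test
256.1.1.1       typo.example.test
"""


def parse_hosts_lines(text):
    """Yield (line_no, address_text, [hostnames]) for each effective line.

    Comments ('#' to end of line) and blank lines are skipped, so the caller
    sees only entries the resolver would act on.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Classify every HOSTS entry.

    normal     - 'localhost' mapped to a loopback address
    blocked    - other names mapped to 0.0.0.0 or loopback (ad/tracker blocking)
    redirected - names mapped to any other address; traffic for that name goes
                 wherever the entry says, so each one deserves a look
    invalid    - lines whose first field is not an IP address
    """
    report = {"normal": [], "blocked": [], "redirected": [], "invalid": []}
    for line_no, addr_text, names in parse_hosts_lines(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            report["invalid"].append((line_no, addr_text))
            continue
        for name in names:
            name = name.lower()
            if addr.is_loopback or addr.is_unspecified:
                if name == "localhost":
                    report["normal"].append(name)
                else:
                    report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(addr)))
    return report


def summarize(report):
    """One-line verdict: a stock file has only 'normal' entries."""
    if report["redirected"] or report["invalid"]:
        return "REVIEW: %d redirect(s), %d malformed line(s)" % (
            len(report["redirected"]), len(report["invalid"]))
    if report["blocked"]:
        return "OK: block list with %d blocked name(s)" % len(report["blocked"])
    return "OK: stock HOSTS file"


if __name__ == "__main__":
    # Pass the real file path as the first argument; with no argument the
    # constructed sample above is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    result = audit_hosts(content)
    print(summarize(result))
    for name, target in result["redirected"]:
        print("  redirect: %s -> %s" % (name, target))
    for line_no, field in result["invalid"]:
        print("  malformed line %d: %r" % (line_no, field))
```

On the machine in this thread the file to pass is C:\Windows\System32\drivers\etc\hosts, which the OTL log above lists at 27 bytes, roughly the size of a single localhost line; a file that small would come back as "OK: stock HOSTS file". After installing the MVPS list the same file grows to thousands of block entries and the verdict becomes "OK: block list", while any "REVIEW" verdict means a name is being sent somewhere other than the local machine.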