Welcome to Geeks to Go - Register now for FREE
Patched.CJ Virus [Solved]


This topic is locked

#1
Rakh
New Member, 8 posts
I'm using AVG V9 and have caught a virus called Patched.CJ. AVG tells me it is white-listed and cannot be removed as it's a critical system file.

This is what the scan says

"C:\WINDOWS\system32\drivers\atapi.sys";"Virus identified Win32/Patched.CJ";"Object is white-listed

Any help would be appreciated

Thanks

#2
SweetTech
Sir SpamAlot, Retired Staff, 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
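The OTL custom scan requested above lists every driver and service with the company name read from the file's version resource, and prints an empty "()" when that resource is absent or has been overwritten. A stock Windows driver such as atapi.sys reporting "()" instead of "(Microsoft Corporation)" is the first thing a log reader checks for with a Patched.* detection. The following Python helper is an added example, not part of this thread or of OTL: it parses DRV/SRV lines in OTL's output format and flags entries with an empty company group. The list of Windows-shipped driver names and the sample log lines are constructed for the demo (the sample copies a few lines from the log later in this thread).

```python
"""Triage OTL driver/service lines for files with no company name.

Added example for this thread; it is not part of OTL or of the Geeks to Go
post. OTL prints each driver or service as
    DRV - (ServiceName) [description] -- <path> (<company>)
and leaves the company group empty, "()", when the file on disk carries no
usable version resource.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Driver service names that ship with Windows XP and should report
# "Microsoft Corporation". Constructed, deliberately short list for the demo;
# a real tool would carry a full inventory for the OS version in the log header.
WINDOWS_SHIPPED = {"atapi", "usbaudio", "hidbatt", "fsvga", "disk", "ntfs", "kbdclass"}

# "DRV - (name)" or "SRV - (name)" followed by an optional description
HEAD = re.compile(r"^(?P<tag>DRV|SRV) - \((?P<name>[^)]*)\)(?P<rest>.*)$")


@dataclass
class Entry:
    tag: str                 # "DRV" or "SRV"
    name: str                # service name from the first parentheses
    path: Optional[str]      # None when OTL reports "File not found"
    company: Optional[str]   # "" for "()", None when no trailing group exists


def _split_company(rhs: str) -> Tuple[str, Optional[str]]:
    """Split 'C:\\x\\y.sys (Vendor (Unit))' into (path, company).

    The company group may itself contain parentheses (see the StarForce lines
    in the thread's log), so walk backwards counting depth instead of using a
    regex such as [^)]*, which would cut the name at the inner ')'.
    """
    rhs = rhs.strip()
    if not rhs.endswith(")"):
        return rhs, None
    depth = 0
    for i in range(len(rhs) - 1, -1, -1):
        if rhs[i] == ")":
            depth += 1
        elif rhs[i] == "(":
            depth -= 1
            if depth == 0:
                return rhs[:i].rstrip(), rhs[i + 1:-1]
    return rhs, None          # unbalanced; treat the whole thing as a path


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one DRV/SRV line; return None for any other kind of line."""
    m = HEAD.match(line.strip())
    if not m or " -- " not in m.group("rest"):
        return None
    rhs = m.group("rest").split(" -- ", 1)[1].strip()
    if rhs == "File not found":
        return Entry(m.group("tag"), m.group("name"), None, None)
    path, company = _split_company(rhs)
    return Entry(m.group("tag"), m.group("name"), path, company)


def triage(entry: Entry) -> Optional[str]:
    """'high' for a Windows-shipped driver under system32 with no company,
    'review' for any other file with an empty company group, else None."""
    if entry.path is None or entry.company is None or entry.company.strip():
        return None
    in_system32 = "\\system32\\" in entry.path.lower()
    if entry.name.lower() in WINDOWS_SHIPPED and in_system32:
        return "high"
    return "review"


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (level, service name, path) for every flagged entry, in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        level = triage(entry)
        if level is not None:
            findings.append((level, entry.name, entry.path))
    return findings


# Constructed sample: a handful of lines in the shape OTL prints, including the
# atapi.sys entry from this thread and a third-party driver with no company.
SAMPLE_OTL = r"""
DRV - (XDva349) -- File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (atapi) -- C:\WINDOWS\system32\DRIVERS\atapi.sys ()
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3697.dll ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for level, name, path in scan_log(SAMPLE_OTL):
        print(f"{level:6}  {name:10}  {path}")
```

On the sample, atapi.sys is reported as "high" and sptd.sys and the Akamai DLL as "review". The two tiers exist because an empty company group alone is weak evidence: some third-party drivers (sptd.sys, giveio.sys and the like in this thread's log) legitimately ship without version information, while a core Windows driver should never lose its Microsoft company name. The reverse also holds: a file can be modified while keeping its version resource intact, so a clean company name is not proof of integrity, and a suspect file should still be compared against a known-good copy or checked with the OS's own file-signature verification.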

#3
Rakh
Topic Starter, New Member, 8 posts
I am having problems getting GMER to finish scanning. After about an hour into the scan the computer just restarts. I am able to get the OTL and the extra logs though.

OTL Log

OTL logfile created on: 5/23/2010 7:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.47 Gb Total Space | 50.48 Gb Free Space | 28.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.)
PRC - C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\vbptask.exe (FarStone Tech. Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (aspnet_state) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3697.dll ()
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (XDva349) -- File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (atapi) -- C:\WINDOWS\system32\DRIVERS\atapi.sys ()
DRV - (HidBatt) -- C:\WINDOWS\system32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (VVBackd5) -- C:\WINDOWS\system32\drivers\VVBackd5.sys ()
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (ADM8511) -- C:\WINDOWS\system32\drivers\ADM8511.SYS (ADMtek Incorporated)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.77
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/23 06:29:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 14:24:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 14:08:34 | 000,000,000 | ---D | M]

[2008/12/05 18:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2010/05/23 14:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions
[2010/03/27 02:08:00 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/06 04:40:35 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/05/13 10:25:37 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/18 14:37:44 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/10/23 18:47:53 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/05/14 10:23:38 | 000,000,000 | ---D | M] (GameFOX) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2010/05/18 13:04:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/30 18:10:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/27 02:08:00 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/09 10:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/06 05:16:28 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2010/01/28 21:17:26 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2010/04/02 02:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\[email protected]
[2010/05/23 14:16:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/09/07 10:05:15 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE2EMBHO Class) - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\eMule\modules\IE2EM.dll (VeryCD.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RestoreIT!] C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE (FarStone Tech. Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download by easyMule - C:\Program Files\eMule\IE2EM.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/01 07:47:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/05/01 17:04:36 | 000,000,485 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/01 07:47:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 19:41:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/05/23 11:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Unused Desktop Shortcuts
[2010/05/23 06:32:18 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/23 06:32:15 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/23 06:32:08 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/23 06:32:05 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/23 06:31:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/23 04:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/05/23 04:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/05/23 04:23:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/05/06 20:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\MSNInstaller
[2010/05/05 12:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Roms
[2010/05/03 17:52:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\IECompatCache
[2010/05/02 22:00:02 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/26 16:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sol Edit
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 19:41:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/05/23 19:18:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1682526488-839522115-1003UA.job
[2010/05/23 17:16:59 | 021,495,808 | ---- | M] () -- C:\Documents and Settings\owner\NTUSER.DAT
[2010/05/23 15:28:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 15:27:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 15:27:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 15:26:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010/05/23 11:13:57 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/05/23 11:13:56 | 000,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/23 11:13:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/23 06:32:20 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/23 06:32:18 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/23 06:32:09 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/23 06:32:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/23 06:32:05 | 060,300,038 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/23 06:32:05 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/23 04:40:43 | 000,393,932 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/23 04:40:43 | 000,338,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/23 04:40:43 | 000,050,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/23 03:47:54 | 003,360,052 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Goo Goo Dolls - Black Balloon (Acoustic) .mp3
[2010/05/23 03:44:49 | 003,760,027 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Goo Goo Dolls - Black Balloon.mp3
[2010/05/23 02:18:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1682526488-839522115-1003Core.job
[2010/05/21 10:56:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/21 06:57:35 | 002,110,278 | -H-- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2010/05/21 06:55:10 | 003,119,704 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Dryer - Seen Enough .mp3
[2010/05/21 06:49:52 | 004,480,196 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\B.o.B ft. Eminem & Hayley Williams - Airplanes Part 2 (With Lyrics).mp4.mp3
[2010/05/20 23:49:55 | 008,523,869 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\The_Breaker_v09_c61_a-team_.rar
[2010/05/19 16:52:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/17 08:42:40 | 002,128,515 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Howie Day - She Says.mp3
[2010/05/12 09:15:53 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 10:07:14 | 000,094,256 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/07 22:56:23 | 000,335,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/04 06:06:50 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\vso_ts_preview.xml
[2010/05/03 19:58:34 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\CareerBuilder.com Jobs - The Largest Job Search, Employment & Careers Site.url
[2010/05/03 19:08:35 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Research Correspondent (214807-043) job in Saddle River, NJ Other careers - Yahoo HotJobs.url
[2010/05/02 22:36:00 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/30 00:46:16 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Find Jobs - Level 1 Computer Technician Jobs in Bayside, New York - St. Mary's Hospital for Children.url
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 15:18:56 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Google Chrome.lnk
[2010/04/27 02:18:56 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 06:32:05 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/23 06:31:59 | 060,300,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/23 03:45:38 | 003,360,052 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Goo Goo Dolls - Black Balloon (Acoustic) .mp3
[2010/05/23 03:42:16 | 003,760,027 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Goo Goo Dolls - Black Balloon.mp3
[2010/05/21 06:53:27 | 003,119,704 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Dryer - Seen Enough .mp3
[2010/05/21 06:46:38 | 004,480,196 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\B.o.B ft. Eminem & Hayley Williams - Airplanes Part 2 (With Lyrics).mp4.mp3
[2010/05/20 23:48:48 | 008,523,869 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\The_Breaker_v09_c61_a-team_.rar
[2010/05/17 08:41:06 | 002,128,515 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Howie Day - She Says.mp3
[2010/05/03 19:58:34 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\CareerBuilder.com Jobs - The Largest Job Search, Employment & Careers Site.url
[2010/04/30 00:46:16 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Find Jobs - Level 1 Computer Technician Jobs in Bayside, New York - St. Mary's Hospital for Children.url
[2010/04/30 00:22:47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Research Correspondent (214807-043) job in Saddle River, NJ Other careers - Yahoo HotJobs.url
[2010/04/12 07:33:27 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/02/21 09:13:10 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/08 00:38:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2008/12/03 18:44:33 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2008/07/31 09:40:54 | 000,001,605 | ---- | C] () -- C:\WINDOWS\PROGRA~7.INI
[2008/07/28 13:46:16 | 000,001,639 | ---- | C] () -- C:\WINDOWS\ProgramLive.INI
[2007/12/12 01:39:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/14 14:13:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2007/10/13 23:36:04 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/08 11:22:02 | 000,000,628 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/26 16:27:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/17 17:18:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/04 06:47:29 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2006/10/06 15:57:36 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/08/17 11:22:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/05/08 18:23:41 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyf.DLL
[2006/05/08 18:23:17 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\CNCASv51.ini
[2006/05/08 18:23:09 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2006/05/05 13:30:28 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/05 13:30:28 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/05 13:30:28 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/05/05 13:28:40 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/05/05 12:07:06 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/05/05 12:01:14 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/05/05 12:01:14 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7261.sys
[2006/05/02 13:17:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/02 13:15:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/05/02 12:25:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/05/02 12:25:00 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/05/01 17:04:41 | 000,180,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\VVBackd5.sys
[2006/05/01 16:19:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/05/01 15:26:47 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/01 13:54:10 | 000,013,373 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2006/05/01 13:54:07 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/05/01 12:36:37 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/05/01 12:36:21 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2006/05/01 12:36:21 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2006/05/01 12:36:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2006/05/01 12:36:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/01 12:36:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/05/01 12:24:58 | 000,003,078 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/01 12:24:57 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/01/22 16:29:53 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/12/20 06:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 06:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 17:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 17:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 17:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 16:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 08:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/11/22 08:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\360safe
[2010/05/23 06:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/12/21 18:03:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/06/24 16:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/02/17 02:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/09/19 23:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/05/23 04:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/23 15:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/01/31 12:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/29 02:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/08/13 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/05/23 04:23:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/11/22 08:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\360safe
[2009/11/22 05:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\360se
[2007/03/17 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\acccore
[2006/05/02 22:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Aim
[2009/01/07 20:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Any Video Converter
[2008/12/03 18:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Any Video Converter Professional
[2010/01/04 01:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\AVG9
[2010/05/19 10:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Azureus
[2009/02/05 03:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\BDL+D
[2007/02/17 02:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Canon
[2007/04/04 07:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Command & Conquer 3 Tiberium Wars
[2007/02/27 00:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2006/05/02 23:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\CoreCodec
[2007/03/15 22:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\fltk.org
[2007/04/13 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\FLV Extract
[2008/05/30 12:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\GARMIN
[2006/05/06 03:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\GlobalSCAPE
[2008/04/18 23:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\gtk-2.0
[2007/04/26 15:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Leadertech
[2009/04/11 07:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Moyea
[2010/05/06 20:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\MSNInstaller
[2006/08/25 09:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\My Games
[2009/09/20 00:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\NeopleLauncherDFO
[2008/06/15 15:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Nexon
[2010/03/03 14:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\StreamTorrent
[2007/01/20 19:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\System Requirements Lab
[2009/01/12 13:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\SystemRequirementsLab
[2008/06/30 00:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\TuneUp Software
[2010/05/04 06:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Vso
[2006/07/24 15:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Webshots
[2009/08/28 15:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/05/01 07:47:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/01 17:04:36 | 000,000,485 | ---- | M] () -- C:\AutoSetup.log
[2008/01/16 13:40:18 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/05/23 11:13:57 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2008/07/01 17:16:32 | 000,003,680 | ---- | M] () -- C:\Bug.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2006/05/01 07:47:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/05/01 17:04:41 | 000,009,131 | ---- | M] () -- C:\Dpssetup.log
[2006/10/09 12:29:41 | 000,900,461 | ---- | M] () -- C:\EasyShare.dmp
[2008/07/14 09:04:28 | 000,000,154 | ---- | M] () -- C:\fairuse.log
[2006/12/10 21:35:17 | 000,008,012 | ---- | M] () -- C:\ind-srt2.clt
[2006/05/01 07:47:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/08 01:47:24 | 000,002,053 | -H-- | M] () -- C:\IPH.PH
[2006/05/01 13:54:18 | 000,004,407 | ---- | M] () -- C:\mmcInst.log
[2006/05/01 07:47:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/16 04:07:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/05/30 23:44:39 | 000,004,096 | ---- | M] () -- C:\ntldr.srm
[2010/05/23 15:27:49 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2006/05/01 17:04:35 | 000,024,068 | ---- | M] () -- C:\PartitionCut.log
[2008/06/29 16:30:46 | 000,003,362 | ---- | M] () -- C:\rundll32.txt
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2006/12/16 16:12:11 | 000,000,029 | ---- | M] () -- C:\wizard.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/01 03:38:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/01 03:38:27 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/01 03:38:27 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/23 06:32:09 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/05/23 06:32:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/05/23 06:32:18 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/01/16 04:22:42 | 000,096,384 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd7261.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Files - Unicode (All) ==========
[2010/02/22 19:59:56 | 010,183,882 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\5 ?????.mp3) -- C:\Documents and Settings\All Users\Documents\5 銀のめぐり.mp3
[2009/03/09 20:08:39 | 010,183,882 | ---- | M] ()(C:\Documents and Settings\All Users\Documents\5 ?????.mp3) -- C:\Documents and Settings\All Users\Documents\5 銀のめぐり.mp3
[2008/11/06 01:45:40 | 007,785,646 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\07. ???? ~ Ghostly Eyes _I_.mp3) -- C:\Documents and Settings\All Users\Documents\07. 幻視の夜 ~ Ghostly Eyes _I_.mp3
[2007/06/01 20:42:42 | 007,785,646 | ---- | M] ()(C:\Documents and Settings\All Users\Documents\07. ???? ~ Ghostly Eyes _I_.mp3) -- C:\Documents and Settings\All Users\Documents\07. 幻視の夜 ~ Ghostly Eyes _I_.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >


Extras Log

OTL Extras logfile created on: 5/23/2010 7:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.47 Gb Total Space | 50.48 Gb Free Space | 28.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9842:TCP" = 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP" = 9842:UDP:*:Disabled:SolidNetworkManager
"1030:TCP" = 1030:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
".sol Editor" = .sol Editor 1.1.0.1
"{03ABC33C-10B1-400E-B1FA-E817FE98D11C}" = YUME MIRU KUSURI
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}" = Garmin Communicator Plugin
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = HydraVision
"{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}" = DAO
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AE22174-4FFA-4572-B692-31F0C386ED38}" = Consolas Font Family
"{734BB64A-5A3D-4624-867D-6358B7068496}" = Sound Blaster Live! 24-bit
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9DA00558-6566-484C-87BC-1650BCF60446}" = ATI DVD Decoder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.0.251
"{C8A86EA6-DB77-4A33-830F-D5BCCC24457A}" = ギャラクシーエンジェル
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CDB7CEA6-E010-482B-9A81-70A1DB242C8C}" = HentHighschool
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E957696E-6D13-4B92-AF02-2073D7D522B4}" = ATI Multimedia Center 7.8.0.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Akamai" = Akamai NetSession Interface
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"Avidemux 2.4" = Avidemux 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Azureus" = Azureus
"BattleMoonWars嬧 戞巐晹" = BattleMoonWars嬧 戞巐晹
"BattleMoonWars嬧 戞嶰晹" = BattleMoonWars嬧 戞嶰晹
"BlueJ_is1" = BlueJ 2.1.2
"CDex" = CDex extraction audio
"CDisplay_is1" = CDisplay 1.8
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"Defraggler" = Defraggler
"DFO" = DFOLauncher
"DivX Content Uploader" = DivX Content Uploader
"DVD Decrypter" = DVD Decrypter (Remove Only)
"easyMule" = easyMule
"eMule VeryCD " = eMule VeryCD
"eMule VeryCD版" = eMule VeryCD版
"FairUse Wizard 2" = FairUse Wizard 2
"FlashGet(JetCar)" = FlashGet(JetCar)
"FLVPlayer" = FLV Player 1.3.3
"GrabIt_is1" = GrabIt 1.6.2 Beta (build 940)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}" = DAO
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{9DA00558-6566-484C-87BC-1650BCF60446}" = ATI DVD Decoder
"IrfanView" = IrfanView (remove only)
"KSignAccessToolkit" = KSignAccessToolkit v1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"RealAlt_is1" = Real Alternative 1.49
"RestoreIT!" = RestoreIT!
"Sengoku Rance English_is1" = Sengoku Rance English v1.0
"SLD Codec Pack" = SLD Codec Pack
"SolidStateIONIE" = Solid State ION Internet Explorer Plugin
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Steam App 440" = Team Fortress 2
"StreamTorrent 1.0" = StreamTorrent 1.0
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"The Core Media Player" = The Core Media Player 4.0
"TVAnts 1.0" = TVAnts 1.0
"Veetle TV" = Veetle TV 0.9.17
"Virtools3DLifePlayer" = Virtools 3D Life Player
"VISPROR" = Microsoft Office Visio Professional 2007
"Webshots Desktop_is1" = Webshots Desktop
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xuse 永遠のアセリア - この大地の果てで -" = Xuse 永遠のアセリア - この大地の果てで - (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2009 2:20:18 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2009 12:16:05 AM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 6.6.0.16, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2009 5:19:20 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0d5e1afc.

Error - 3/31/2009 9:03:24 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/31/2009 9:58:16 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2009 1:52:14 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.0, faulting module
splitter.ax, version 1.7.189.11, fault address 0x00017607.

Error - 4/7/2009 12:17:35 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 4/7/2009 4:54:06 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2009 5:51:32 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2009 3:44:09 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application mmc.exe, version 5.1.2600.2180, faulting module
dfrgui.dll, version 13.0.835.0, fault address 0x00049a20.

[ System Events ]
Error - 5/23/2010 4:36:06 AM | Computer Name = COMPUTER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVG\AVG9\avgfrw.exe.
Reference
error message: The operation completed successfully. .

Error - 5/23/2010 4:39:05 AM | Computer Name = COMPUTER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/23/2010 4:39:05 AM | Computer Name = COMPUTER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 5/23/2010 4:39:05 AM | Computer Name = COMPUTER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVG\AVG9\avgtray.exe.
Reference
error message: The operation completed successfully. .

Error - 5/23/2010 6:17:45 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/23/2010 11:14:00 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/23/2010 11:17:51 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/23/2010 11:18:12 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 5/23/2010 3:28:08 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/23/2010 3:28:11 PM | Computer Name = COMPUTER | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer.


< End of report >
  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable, which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Please attempt to run the GMER scan after running DeFogger.
  • 0

#5
Rakh

Rakh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I ran the GMER successfully in safe mode. The problem I have now is that the resolution is so low in safe mode that I can't see the copy and save buttons below the scan button. I tried moving the window around and expanding it but the window just won't get any bigger. Is there another way I can save the log?
  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Do you see any entries in Red, any entries that say <-- RootKits by them, or any entries that say Suspicious Modification?
  • 0

#7
Rakh

Rakh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Don't see any entries in red.
There is one with suspicious modification:
C:\windows\system32\drivers\atapi.sys
Nothing with rootkits by them.
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Okay. Please do the following.

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0

#9
Rakh

Rakh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the ComboFix log

ComboFix 10-05-23.08 - owner 05/24/2010 13:46:16.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.946 [GMT -4:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\owner\Application Data\inst.exe
c:\documents and settings\owner\Local Settings\Tempals_inst.exe
c:\program files\Cheat Engine\dbk32.sys
c:\program files\INSTALL.LOG
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\jestertb.dll
c:\windows\system32\Data
c:\windows\system32\STEC3.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STEC3
-------\Legacy_ZHUDONGFANGYU
-------\Service_STEC3


((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-23 10:32 . 2010-05-23 10:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-23 10:32 . 2010-05-23 10:32 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-23 10:32 . 2010-05-23 10:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-23 10:32 . 2010-05-23 10:32 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-23 10:31 . 2010-05-24 09:29 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-23 08:24 . 2010-05-23 19:31 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-23 08:23 . 2010-05-23 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-23 08:23 . 2010-05-23 08:23 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-07 00:44 . 2010-05-07 00:44 -------- d-----w- c:\documents and settings\owner\Application Data\MSNInstaller
2010-05-03 21:52 . 2010-05-03 21:52 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2010-05-03 02:00 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-26 20:13 . 2010-05-03 01:44 -------- d-----w- c:\program files\Sol Edit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 17:54 . 2010-03-16 06:34 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-24 17:51 . 2010-04-12 11:33 -------- d-----w- c:\program files\Cheat Engine
2010-05-23 15:19 . 2007-11-23 22:04 -------- d-----w- c:\program files\Steam
2010-05-23 13:12 . 2009-08-12 10:02 188152 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\FlashGot.exe
2010-05-23 10:27 . 2010-01-04 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-23 08:25 . 2007-06-24 06:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-23 06:15 . 2007-06-02 21:16 -------- d-----w- c:\program files\SpeedFan
2010-05-19 14:51 . 2006-05-03 02:37 -------- d-----w- c:\documents and settings\owner\Application Data\Azureus
2010-05-09 14:07 . 2006-05-01 16:19 94256 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 00:30 . 2008-07-01 21:31 -------- d-----w- c:\program files\SpywareBlaster
2010-05-04 10:06 . 2007-11-03 07:10 -------- d-----w- c:\documents and settings\owner\Application Data\Vso
2010-05-03 21:54 . 2009-02-15 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 19:39 . 2009-02-15 02:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-02-15 02:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 16:49 . 2006-05-01 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 10:34 . 2008-01-21 20:38 -------- d-----w- c:\program files\G-Collections
2010-04-05 00:15 . 2010-04-05 00:15 -------- d-----w- c:\program files\Veetle
2010-03-10 06:15 . 2005-01-22 20:37 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-01-22 20:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-01-22 20:42 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2003-12-18 15:33 . 2007-07-08 00:50 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 11:46 . 2007-07-08 00:50 10960 ----a-w- c:\program files\EULA.txt
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . AAC640F7C769545CFC962F168EF99C98 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2009-05-27 20:31 147928 ----a-w- c:\program files\eMule\modules\IE2EM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-13 294912]
"RestoreIT!"="c:\program files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" [2003-03-26 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-16 149280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\owner\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-7-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-23 10:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\owner\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-25 02:57 133104 ----atw- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-03 05:27 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"aspnet_state"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"1031:TCP"= 1031:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [5/1/2006 5:04 PM 180074]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2010 6:32 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2010 6:32 AM 242896]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/22/2005 4:30 PM 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/23/2010 6:30 AM 308064]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/1/2006 8:01 AM 20160]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/5/2006 12:01 PM 642560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1682526488-839522115-1003Core.job
- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 02:57]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1682526488-839522115-1003UA.job
- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 02:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download by easyMule - c:\program files\eMule\IE2EM.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Xuse\8l`恘0񇠴00 *
*S0n0'Y0Wn0済f0g0 *
]
"Order"=hex:08,00,00,00,02,00,00,00,16,03,00,00,01,00,00,00,06,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-117609710-1682526488-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,59,f2,93,ca,95,64,52,4c,c8,ec,02,19,8b,07,c8,be,8c,74,28,52,79,2f,
c3,53,6e,3e,a0,0b,e0,19,8d,8e,5f,f0,ae,93,1e,28,74,a2,02,59,5d,ab,ef,cc,1c,\
"??"=hex:9d,1c,be,28,e9,d9,e2,ec,55,b4,35,85,0f,32,fa,bd

[HKEY_USERS\S-1-5-21-117609710-1682526488-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:33,2a,a1,07,d7,cf,50,22,01,f4,83,52,8c,59,cd,5d,6e,2d,69,36,50,
9c,b8,2f,26,df,22,2e,23,bf,f1,28,5b,62,0a,fd,d8,c7,cf,7e,a0,94,59,b5,48,19,\
"rkeysecu"=hex:ed,4c,b7,cf,ae,0b,b8,4d,eb,6b,8d,33,4e,45,3a,c1

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="17E1B515B7593705FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BE
CC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B
9808A6A0AC4980AC79339084EDAFB24B78B48AA684F64FEAD42DAC700FA9A6794AB7D67D12B3799B4
F53DED3E85527609B8DF6AF4B017AE6D579E37126DA490194A2FE05C7B8DDF131248A6CD4B7B334E6
C2D64D0FE884D8C0A0B715F58428EF5D7447AD252EB9837E5CFB3A93CD9A216C3D8EF099F53C739D2
EA6F74ADC3EF140796CD99C5B551589294F09DE0E1224512936F007F0648E86EF6997471DFAD6EE40
61D2748E6F8EB67B540B427645DF51F71A86C8A6B4232DF668D7E0064392AC1DCDC64814B7FEFE868
CD41C075199BADF3C52A3695651D21A400261586F3D52260B4386425315EFC0B06023C4C8BB6FD7CF
D5AE906ADC4F73433E67DBCA93CB3627BEF26F5C272B69AC8ADB393154E520BEF7587283AA8E62781
F63DA1573986C661023F6DE2CE57E9F9524EE04952837248161EF27C78F0716169B2404E1CE2D3E75
81395BC36944DB262B78AF54D363D0A15EE7D1E064490C7AAA0A3E08951FD88E4F1A482D9245EAC5F
4E8978B1C2DC86BB7C272CA36D2FB09FC63E02F292D165F1C000ECCD3C98863595A8FD747634654AA
68EBFB3F903960D40C79C95A860750D05888ACB0E5A2CD8268E27CAF15B4384746958ECEB5CF04C86
08E690D9E72AC26110BF942E9DC3BF134CFDD429834D3F2CF39424838FB5BC04517C7392C53A72E1F
5884B8F10FC67B63080883869ACA66F79779225330B17D1F00C06BA958D3C8F9ABC1535745EB469CB
02708BC6FA2AE3A613BE9038F360EDAA853C5D7E32BAD1CAFCAE63ABD0DCD8CE40E7A5BEE462B9441
32BC8B77FCD8E564A279398C87E70687DB5D806E6F63E6B23199480B8413884EAD4E71F17C98337C7
84F949BAA563BC65634D17C3CA85C9B2CB7ADE60FEC991A20E600C212D938AB40267592B82C44F6BF
FC19440017A8963CB9765BFA9654A62160455E7A007124896BABA0BBEDAB953FDB08D52EF9078C439
B54F44541C4EAEBAB92ED5A3FDC8708A4C8AE9D788113238B91749AF0B7DB486ABEF4CB6F7DD2DD4A
7ED0B9227C6F946A24D5307AD8D5DCD76E177FEE8056F2C9EACECF7D92BC7B54E396038658E6A9685
AE42776CAB37F239B6979BDA9C292EE5AACF7159E7BE9F55F85861E79EDE75FC95F1C43F17C4562D7
CA8A777FDA98254B69CFB840D6F56D5597F66DEFF914A215F9898AED718A9E2750980C53CB1CC8C29
5453C18898C0EE8796BD0CD71949CA4A1D14DE245D0F4D23F6B3F7839D44D8B76A9C94BC1C2BE870D
60F3A93175C62272B8DBF7233C17E695B1AA49B723B9B20534DB84244E7B5D67B4D89D8968327D406
6DED8A6964AB200FCB7A0D1062708"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Webshots\webshots.scr
.
**************************************************************************
.
Completion time: 2010-05-24 13:58:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-24 17:58

Pre-Run: 54,005,731,328 bytes free
Post-Run: 54,756,962,304 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 317047D0983533079CF2039BB13EEE2D

Thanks

  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.
  • 0
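Driver integrity check, covering both the Sigcheck section of the ComboFix log in the post above (the system32\drivers copy of atapi.sys carrying a different MD5 from the signed ServicePackFiles copy of the same size) and the FCopy line in the CFScript that restores it. This is an added example, not code from ComboFix, GMER or anyone in this thread. It assumes that ComboFix's "[-]" marker means no valid signature and that any other marker means the copy verified (an assumption about the format), takes the four atapi.sys Sigcheck lines as constructed input, and flags an in-use driver whose MD5 matches no verified reference copy, naming the same-size reference copy a restore should come from. demo_disk_check() repeats the comparison on real files, using constructed stand-in images with one byte flipped.

```python
"""Driver integrity triage over ComboFix Sigcheck-style lines (added example)."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the four atapi.sys lines from the posted ComboFix log.
SAMPLE_SIGCHECK = """\
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\\windows\\ServicePackFiles\\i386\\atapi.sys
[-] 2008-04-13 18:40 . AAC640F7C769545CFC962F168EF99C98 . 96512 . . [------] . . c:\\windows\\system32\\drivers\\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\\windows\\$NtServicePackUninstall$\\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\\windows\\system32\\ReinstallBackups\\0006\\DriverFiles\\i386\\atapi.sys
"""

# One Sigcheck line: [marker] date [time] . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<sig>[^\]]+)\]\s+\S+(?:\s+\d\d:\d\d)?\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$")


@dataclass
class Entry:
    sig: str      # assumption: "-" = no valid signature, anything else = verified
    md5: str
    size: int
    version: str
    path: str


@dataclass
class Finding:
    live_path: str
    status: str                      # "clean", "mismatch" or "no_reference"
    restore_from: Optional[str] = None


def parse_sigcheck(text: str) -> List[Entry]:
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Entry(m["sig"], m["md5"].upper(), int(m["size"]), m["ver"], m["path"]))
    return out


def triage(text: str) -> Dict[str, Finding]:
    """One Finding per driver with an in-use copy under system32\\drivers: 'clean'
    if its MD5 equals a verified reference copy, else 'mismatch' plus the reference
    copy a restore should use (same-size preferred: a patched driver keeps its size)."""
    groups: Dict[str, List[Entry]] = {}
    for e in parse_sigcheck(text):
        groups.setdefault(e.path.rsplit("\\", 1)[-1].lower(), []).append(e)
    findings: Dict[str, Finding] = {}
    for name, copies in groups.items():
        live = next((c for c in copies if "\\system32\\drivers\\" in c.path.lower()), None)
        if live is None:
            continue
        refs = [c for c in copies if c is not live and c.sig != "-"]
        if live.md5 in {r.md5 for r in refs}:
            findings[name] = Finding(live.path, "clean")
        elif refs:
            same_size = [r for r in refs if r.size == live.size] or refs
            findings[name] = Finding(live.path, "mismatch", same_size[0].path)
        else:
            findings[name] = Finding(live.path, "no_reference")
    return findings


def md5_of(path: str) -> str:
    """Upper-case MD5 of a file, the form Sigcheck prints (SHA-256 for new baselines)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest().upper()


def demo_disk_check() -> tuple:
    """Disk-level check on constructed stand-in driver images (intact copy, copy
    with one byte flipped). Returns (intact_matches, flipped_matches)."""
    reference = b"MZ" + bytes(range(256)) * 4
    flipped = bytearray(reference)
    flipped[300] ^= 0xFF
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in (("ref.sys", reference), ("intact.sys", reference),
                           ("patched.sys", bytes(flipped))):
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        return (md5_of(paths["intact.sys"]) == md5_of(paths["ref.sys"]),
                md5_of(paths["patched.sys"]) == md5_of(paths["ref.sys"]))
```

Calling triage(SAMPLE_SIGCHECK) reports atapi.sys as a mismatch with c:\windows\ServicePackFiles\i386\atapi.sys as the restore source, which is exactly the copy the CFScript FCopy line uses. A hash mismatch on its own does not prove tampering (a different update level would also change it); what makes this one convincing is the corroboration in the same listing: the live copy is unsigned while the reference is signed, and both have the same size and the same date.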

#11
Rakh

Rakh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here are the logs of everything requested.

2.ComboFix Log

ComboFix 10-05-23.08 - owner 05/24/2010 14:43:05.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1009 [GMT -4:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-23 10:32 . 2010-05-23 10:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-23 10:32 . 2010-05-23 10:32 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-23 10:32 . 2010-05-23 10:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-23 10:32 . 2010-05-23 10:32 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-23 10:31 . 2010-05-24 09:29 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-23 08:24 . 2010-05-23 19:31 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-23 08:23 . 2010-05-23 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-23 08:23 . 2010-05-23 08:23 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-07 00:44 . 2010-05-07 00:44 -------- d-----w- c:\documents and settings\owner\Application Data\MSNInstaller
2010-05-03 21:52 . 2010-05-03 21:52 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2010-05-03 02:00 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-26 20:13 . 2010-05-03 01:44 -------- d-----w- c:\program files\Sol Edit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 18:48 . 2010-03-16 06:34 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-24 17:51 . 2010-04-12 11:33 -------- d-----w- c:\program files\Cheat Engine
2010-05-23 15:19 . 2007-11-23 22:04 -------- d-----w- c:\program files\Steam
2010-05-23 13:12 . 2009-08-12 10:02 188152 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\FlashGot.exe
2010-05-23 10:27 . 2010-01-04 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-23 08:25 . 2007-06-24 06:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-23 06:15 . 2007-06-02 21:16 -------- d-----w- c:\program files\SpeedFan
2010-05-19 14:51 . 2006-05-03 02:37 -------- d-----w- c:\documents and settings\owner\Application Data\Azureus
2010-05-09 14:07 . 2006-05-01 16:19 94256 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 00:30 . 2008-07-01 21:31 -------- d-----w- c:\program files\SpywareBlaster
2010-05-04 10:06 . 2007-11-03 07:10 -------- d-----w- c:\documents and settings\owner\Application Data\Vso
2010-05-03 21:54 . 2009-02-15 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 19:39 . 2009-02-15 02:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-02-15 02:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 16:49 . 2006-05-01 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 10:34 . 2008-01-21 20:38 -------- d-----w- c:\program files\G-Collections
2010-04-05 00:15 . 2010-04-05 00:15 -------- d-----w- c:\program files\Veetle
2010-03-10 06:15 . 2005-01-22 20:37 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-01-22 20:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-01-22 20:42 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2003-12-18 15:33 . 2007-07-08 00:50 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 11:46 . 2007-07-08 00:50 10960 ----a-w- c:\program files\EULA.txt
.

((((((((((((((((((((((((((((( [email protected]_17.53.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-01-22 20:29 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2009-05-27 20:31 147928 ----a-w- c:\program files\eMule\modules\IE2EM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-13 294912]
"RestoreIT!"="c:\program files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" [2003-03-26 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-16 149280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\owner\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-7-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-23 10:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\owner\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-25 02:57 133104 ----atw- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-03 05:27 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"aspnet_state"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"1203:TCP"= 1203:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [5/1/2006 5:04 PM 180074]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2010 6:32 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2010 6:32 AM 242896]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/22/2005 4:30 PM 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/23/2010 6:30 AM 308064]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/1/2006 8:01 AM 20160]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/5/2006 12:01 PM 642560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1682526488-839522115-1003Core.job
- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 02:57]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1682526488-839522115-1003UA.job
- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 02:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download by easyMule - c:\program files\eMule\IE2EM.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 14:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Xuse\8l`恘0񇠴00 *
*S0n0'Y0Wn0済f0g0 *
]
"Order"=hex:08,00,00,00,02,00,00,00,16,03,00,00,01,00,00,00,06,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-117609710-1682526488-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,59,f2,93,ca,95,64,52,4c,c8,ec,02,19,8b,07,c8,be,8c,74,28,52,79,2f,
c3,53,6e,3e,a0,0b,e0,19,8d,8e,5f,f0,ae,93,1e,28,74,a2,02,59,5d,ab,ef,cc,1c,\
"??"=hex:9d,1c,be,28,e9,d9,e2,ec,55,b4,35,85,0f,32,fa,bd

[HKEY_USERS\S-1-5-21-117609710-1682526488-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:33,2a,a1,07,d7,cf,50,22,01,f4,83,52,8c,59,cd,5d,6e,2d,69,36,50,
9c,b8,2f,26,df,22,2e,23,bf,f1,28,5b,62,0a,fd,d8,c7,cf,7e,a0,94,59,b5,48,19,\
"rkeysecu"=hex:ed,4c,b7,cf,ae,0b,b8,4d,eb,6b,8d,33,4e,45,3a,c1

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-24 14:50:47
ComboFix-quarantined-files.txt 2010-05-24 18:50
ComboFix2.txt 2010-05-24 17:58

Pre-Run: 54,782,029,824 bytes free
Post-Run: 54,751,936,512 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 4B36EB9B86F920DCD0B33AE2A5E9F48E

3. MBAM Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4139

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/24/2010 2:56:06 PM
mbam-log-2010-05-24 (14-56-06).txt

Scan type: Quick scan
Objects scanned: 119425
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4. ESET Log

C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-7555426d a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\owner\Incomplete\T-5745425-lil wayne mr carter ft jayz.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.SJ trojan
C:\System Volume Information\_restore{2828B56E-50A7-4845-BC7F-42C097B7F225}\RP646\A0123411.sys Win32/Olmarik.SJ trojan

5. OTL Log

OTL logfile created on: 5/24/2010 6:00:23 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.47 Gb Total Space | 50.93 Gb Free Space | 28.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Webshots\Webshots.scr (Webshots.com)
PRC - C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\vbptask.exe (FarStone Tech. Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (aspnet_state) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3697.dll ()
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\WINDOWS\system32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (VVBackd5) -- C:\WINDOWS\system32\drivers\VVBackd5.sys ()
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (ADM8511) -- C:\WINDOWS\system32\drivers\ADM8511.SYS (ADMtek Incorporated)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.77
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/23 06:29:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 14:24:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 14:08:34 | 000,000,000 | ---D | M]

[2008/12/05 18:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2010/05/23 14:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions
[2010/03/27 02:08:00 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/06 04:40:35 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/05/13 10:25:37 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/18 14:37:44 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/10/23 18:47:53 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/05/14 10:23:38 | 000,000,000 | ---D | M] (GameFOX) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2010/05/18 13:04:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/30 18:10:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/27 02:08:00 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/09 10:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/06 05:16:28 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2010/01/28 21:17:26 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2010/04/02 02:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rcm9qv56.default\extensions\[email protected]
[2010/05/23 14:16:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/24 13:53:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE2EMBHO Class) - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\eMule\modules\IE2EM.dll (VeryCD.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RestoreIT!] C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE (FarStone Tech. Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download by easyMule - C:\Program Files\eMule\IE2EM.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/01 07:47:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/05/01 17:04:36 | 000,000,485 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/01 07:47:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 14:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/24 13:43:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/24 13:43:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/24 13:43:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/24 13:43:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/24 13:43:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/24 13:42:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/23 19:41:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/05/23 11:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Unused Desktop Shortcuts
[2010/05/23 06:32:18 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/23 06:32:15 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/23 06:32:08 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/23 06:32:05 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/23 06:31:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/23 04:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/05/23 04:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/05/23 04:23:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/05/06 20:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\MSNInstaller
[2010/05/05 12:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Roms
[2010/05/03 17:52:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\IECompatCache
[2010/05/02 22:00:02 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/26 16:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sol Edit
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/24 17:18:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1682526488-839522115-1003UA.job
[2010/05/24 14:50:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/24 14:47:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/24 13:53:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/24 13:53:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/24 13:53:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 13:52:21 | 021,495,808 | ---- | M] () -- C:\Documents and Settings\owner\NTUSER.DAT
[2010/05/24 13:52:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010/05/24 13:42:09 | 003,696,151 | R--- | M] () -- C:\Documents and Settings\owner\Desktop\ComboFix.exe
[2010/05/24 11:17:55 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\owner\defogger_reenable
[2010/05/24 11:17:19 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Defogger.exe
[2010/05/24 05:29:14 | 060,322,973 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/24 02:18:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1682526488-839522115-1003Core.job
[2010/05/23 19:49:51 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\s1qwo073.exe
[2010/05/23 19:41:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/05/23 11:13:57 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/05/23 11:13:56 | 000,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/23 06:32:20 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/23 06:32:18 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/23 06:32:09 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/23 06:32:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/23 06:32:05 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/23 04:40:43 | 000,393,932 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/23 04:40:43 | 000,338,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/23 04:40:43 | 000,050,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/23 03:47:54 | 003,360,052 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Goo Goo Dolls - Black Balloon (Acoustic) .mp3
[2010/05/23 03:44:49 | 003,760,027 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Goo Goo Dolls - Black Balloon.mp3
[2010/05/21 10:56:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/21 06:57:35 | 002,110,278 | -H-- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2010/05/21 06:55:10 | 003,119,704 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Dryer - Seen Enough .mp3
[2010/05/21 06:49:52 | 004,480,196 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\B.o.B ft. Eminem & Hayley Williams - Airplanes Part 2 (With Lyrics).mp4.mp3
[2010/05/20 23:49:55 | 008,523,869 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\The_Breaker_v09_c61_a-team_.rar
[2010/05/19 16:52:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/17 08:42:40 | 002,128,515 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Howie Day - She Says.mp3
[2010/05/12 09:15:53 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 10:07:14 | 000,094,256 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/07 22:56:23 | 000,335,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/04 06:06:50 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\vso_ts_preview.xml
[2010/05/03 19:58:34 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\CareerBuilder.com Jobs - The Largest Job Search, Employment & Careers Site.url
[2010/05/03 19:08:35 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Research Correspondent (214807-043) job in Saddle River, NJ Other careers - Yahoo HotJobs.url
[2010/05/02 22:36:00 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/30 00:46:16 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Find Jobs - Level 1 Computer Technician Jobs in Bayside, New York - St. Mary's Hospital for Children.url
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 15:18:56 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Google Chrome.lnk
[2010/04/27 02:18:56 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 13:43:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/24 13:43:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/24 13:43:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/24 13:43:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/24 13:43:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/24 13:42:08 | 003,696,151 | R--- | C] () -- C:\Documents and Settings\owner\Desktop\ComboFix.exe
[2010/05/24 11:17:43 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\owner\defogger_reenable
[2010/05/24 11:17:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Defogger.exe
[2010/05/23 19:49:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\s1qwo073.exe
[2010/05/23 06:32:05 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/23 06:31:59 | 060,322,973 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/23 03:45:38 | 003,360,052 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Goo Goo Dolls - Black Balloon (Acoustic) .mp3
[2010/05/23 03:42:16 | 003,760,027 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Goo Goo Dolls - Black Balloon.mp3
[2010/05/21 06:53:27 | 003,119,704 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Dryer - Seen Enough .mp3
[2010/05/21 06:46:38 | 004,480,196 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\B.o.B ft. Eminem & Hayley Williams - Airplanes Part 2 (With Lyrics).mp4.mp3
[2010/05/20 23:48:48 | 008,523,869 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\The_Breaker_v09_c61_a-team_.rar
[2010/05/17 08:41:06 | 002,128,515 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Howie Day - She Says.mp3
[2010/05/03 19:58:34 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\CareerBuilder.com Jobs - The Largest Job Search, Employment & Careers Site.url
[2010/04/30 00:46:16 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Find Jobs - Level 1 Computer Technician Jobs in Bayside, New York - St. Mary's Hospital for Children.url
[2010/04/30 00:22:47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Research Correspondent (214807-043) job in Saddle River, NJ Other careers - Yahoo HotJobs.url
[2010/04/12 07:33:27 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/02/21 09:13:10 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/08 00:38:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2008/12/03 18:44:33 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2008/07/31 09:40:54 | 000,001,605 | ---- | C] () -- C:\WINDOWS\PROGRA~7.INI
[2008/07/28 13:46:16 | 000,001,639 | ---- | C] () -- C:\WINDOWS\ProgramLive.INI
[2007/12/12 01:39:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/14 14:13:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2007/10/13 23:36:04 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/08 11:22:02 | 000,000,628 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/26 16:27:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/17 17:18:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/06 15:57:36 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/08/17 11:22:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/05/08 18:23:41 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyf.DLL
[2006/05/08 18:23:17 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\CNCASv51.ini
[2006/05/08 18:23:09 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2006/05/05 13:30:28 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/05 13:30:28 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/05 13:30:28 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/05/05 13:28:40 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/05/02 13:17:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/02 13:15:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/05/02 12:25:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/05/02 12:25:00 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/05/01 17:04:41 | 000,180,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\VVBackd5.sys
[2006/05/01 16:19:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/05/01 15:26:47 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/01 13:54:10 | 000,013,373 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2006/05/01 13:54:07 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/05/01 12:36:37 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/05/01 12:36:21 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2006/05/01 12:36:21 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2006/05/01 12:36:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2006/05/01 12:36:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/01 12:36:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/05/01 12:24:58 | 000,003,078 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/01 12:24:57 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2004/12/20 06:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 06:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 17:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 17:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 17:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 16:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 08:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2006/05/01 07:47:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/01 17:04:36 | 000,000,485 | ---- | M] () -- C:\AutoSetup.log
[2008/01/16 13:40:18 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/05/23 11:13:57 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/05/24 14:50:47 | 000,017,299 | ---- | M] () -- C:\ComboFix.txt
[2006/05/01 07:47:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/05/01 17:04:41 | 000,009,131 | ---- | M] () -- C:\Dpssetup.log
[2006/10/09 12:29:41 | 000,900,461 | ---- | M] () -- C:\EasyShare.dmp
[2008/07/14 09:04:28 | 000,000,154 | ---- | M] () -- C:\fairuse.log
[2006/12/10 21:35:17 | 000,008,012 | ---- | M] () -- C:\ind-srt2.clt
[2006/05/01 07:47:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/08 01:47:24 | 000,002,053 | -H-- | M] () -- C:\IPH.PH
[2006/05/01 13:54:18 | 000,004,407 | ---- | M] () -- C:\mmcInst.log
[2006/05/01 07:47:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/16 04:07:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/05/30 23:44:39 | 000,004,096 | ---- | M] () -- C:\ntldr.srm
[2010/05/24 13:53:20 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2006/05/01 17:04:35 | 000,024,068 | ---- | M] () -- C:\PartitionCut.log
[2008/06/29 16:30:46 | 000,003,362 | ---- | M] () -- C:\rundll32.txt
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2006/12/16 16:12:11 | 000,000,029 | ---- | M] () -- C:\wizard.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/01 03:38:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/01 03:38:27 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/01 03:38:27 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/23 06:32:09 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/05/23 06:32:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/05/23 06:32:18 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/01/16 04:22:42 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sptd7261.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Files - Unicode (All) ==========
[2010/02/22 19:59:56 | 010,183,882 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\5 ?????.mp3) -- C:\Documents and Settings\All Users\Documents\5 銀のめぐり.mp3
[2009/03/09 20:08:39 | 010,183,882 | ---- | M] ()(C:\Documents and Settings\All Users\Documents\5 ?????.mp3) -- C:\Documents and Settings\All Users\Documents\5 銀のめぐり.mp3
[2008/11/06 01:45:40 | 007,785,646 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\07. ???? ~ Ghostly Eyes _I_.mp3) -- C:\Documents and Settings\All Users\Documents\07. 幻視の夜 ~ Ghostly Eyes _I_.mp3
[2007/06/01 20:42:42 | 007,785,646 | ---- | M] ()(C:\Documents and Settings\All Users\Documents\07. ???? ~ Ghostly Eyes _I_.mp3) -- C:\Documents and Settings\All Users\Documents\07. 幻視の夜 ~ Ghostly Eyes _I_.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >
  • 0
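The report above is the raw OTL output the helper reads. As an added example (not OTL's code and not part of this thread), here is a small Python parser for OTL file-entry and alternate-data-stream lines with two review heuristics of this example's own; the sample lines are copied from the report above.

```python
"""Parse OTL report lines (file entries and alternate data streams) and flag
items worth a second look. Added example, not OTL's own code; the two review
rules below are heuristics chosen for this example, not OTL's logic."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file line looks like:
#   [date time | size | attrs | C-or-M] (company) -- path [ -- [ NTFS ] ]
# "Files - Unicode" lines carry a second parenthesised ANSI path before ' -- '.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\)(?:\([^)]*\))? -- "
    r"(?P<path>.+?)(?: -- \[ NTFS \])?$"
)
# @Alternate Data Stream - 362 bytes -> C:\...\TEMP:05EE1EEF
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    path: str
    size: int
    company: str = ""
    attrs: str = ""
    kind: str = ""      # "C" created, "M" modified, "" for an ADS line
    date: str = ""
    ads: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file or ADS line, None for any other report line."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"].replace(",", "")),
                     company=m["company"], attrs=m["attrs"],
                     kind=m["kind"], date=m["date"])
    m = ADS_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"]), ads=True)
    return None


def parse_report(text: str) -> List[Entry]:
    """Parse every recognisable line of an OTL report, skipping headers and noise."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


# Directories where a binary with no company name deserves a look.
SYSTEM_DIRS = ("\\windows\\system32\\drivers\\", "\\windows\\system32\\")


def review(entries: List[Entry]) -> List[str]:
    """Heuristic review: ADS entries, and system-directory binaries with no company."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.ads:
            findings.append(f"alternate data stream ({e.size} bytes): {e.path}")
        elif (not e.company and low.endswith((".sys", ".dll", ".exe"))
              and any(d in low for d in SYSTEM_DIRS)):
            findings.append(f"no company name in system dir: {e.path}")
    return findings


# Sample input: lines copied from the OTL report quoted in this thread.
SAMPLE = r"""
[2010/05/23 06:32:15 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2006/05/02 13:15:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2006/05/01 07:47:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
[2010/02/22 19:59:56 | 010,183,882 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\5 ?????.mp3) -- C:\Documents and Settings\All Users\Documents\5 銀のめぐり.mp3
@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
"""

if __name__ == "__main__":
    for finding in review(parse_report(SAMPLE)):
        print(finding)
```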

#12
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked: Applications and Applets, Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    @Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
    :Files
    C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-7555426d
    C:\Documents and Settings\owner\Incomplete\T-5745425-lil wayne mr carter ft jayz.mp3
    C:\Program Files\Unlocker\eBay_shortcuts_1016.exe
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.



Please post back with the OTL fix log, as well as an update on how your computer is currently running.
  • 0

#13
Rakh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the new OTL Log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-7555426d not found.
C:\Documents and Settings\owner\Incomplete\T-5745425-lil wayne mr carter ft jayz.mp3 moved successfully.
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: owner
->Temp folder emptied: 62452 bytes
->Temporary Internet Files folder emptied: 12818787 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 97391920 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 18179202 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 18499 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 123.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05242010_185115

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\owner\Local Settings\Temp\Perflib_Perfdata_b0c.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat not found!

Registry entries deleted on Reboot...
  • 0

#14
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#15
Rakh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello

I have finished cleaning up the programs. At the moment everything is working fine. If the problem comes back I will post again.

Thanks
  • 0





