OTL Problem & Logs


This topic is locked.

#1 TheToker (Member, 19 posts)
Hi folks. I was advised to post up a new topic following on from my replies HERE.
I am unable to get OTL to run on my laptop; I've tried running all three of the extensions but to no avail.
Below are the MBAM and GMER logs as requested.

-------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4407

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

08/08/2010 17:21:19
mbam-log-2010-08-08 (17-21-19).txt

Scan type: Quick scan
Objects scanned: 142711
Time elapsed: 12 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-08 16:57:17
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\pato\LOCALS~1\Temp\pwldqpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xEDE703E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xEDE70C10]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEDFCD534]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xEDE7DDD0]
SSDT F7B1DDF6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEDFCDCC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEDFE0EB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEDFE12A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEDFEA916]
SSDT F7B1DDEC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEDFCDDF6]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xEDE6D0F0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEDFC8398]
SSDT F7B1DDFB ZwDeleteKey
SSDT F7B1DE05 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEDFDFDF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xEDE6FA00]
SSDT F7B1DE0A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEDFE8B44]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xEDE7E450]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xEDFE31CE]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xEDE6A860]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xEDFE2DF8]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xEDE70860]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xEDE6FF80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xEDE70DB0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEDFE98D2]
SSDT F7B1DE14 ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestPort [0xEDE6EF00]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEDFCD0F4]
SSDT F7B1DE0F ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xEDE6D8A0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEDFCD7DC]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xEDE6CED0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEDFC875C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xEDFE9E12]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xEDE6D290]
SSDT F7B1DE00 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xEDE6F8E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xEDE6DA80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xEDE6D690]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEDFE1F0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xEDFE1C86]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xEDE6CCC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xEDE6FD10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xEDE70A30]

Code \WINDOWS\system32\ntkrnlpa.exe[PAGEVRFY] [8064BB08] pIofCallDriver
Code \WINDOWS\system32\ntkrnlpa.exe[PAGEVRFY] [8064C19E] pIofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23EC 805012DC 12 Bytes [C0, DC, FC, ED, B4, 0E, FE, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 24B8 805013A8 12 Bytes [00, FA, E6, ED, 0A, DE, B1, ...] {ADD DL, BH; OUT 0xed, AL; OR BL, DH; MOV CL, 0xf7; INC ESP; MOV EDI, ESI; IN EAX, DX}
.text ntkrnlpa.exe!ZwCallbackReturn + 2728 80501618 12 Bytes [80, DA, E6, ED, 90, D6, E6, ...]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device ECFB5C8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62FF04BF-1313-8A89-0005-E696211810F7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62FF04BF-1313-8A89-0005-E696211810F7}@habnnemeigonabba 0x6B 0x61 0x62 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62FF04BF-1313-8A89-0005-E696211810F7}@jadomkcpfbpifpjldgcf 0x6B 0x61 0x62 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62FF04BF-1313-8A89-0005-E696211810F7}@fadlbikbefke 0x69 0x61 0x66 0x61 ...

---- EOF - GMER 1.0.15 ----

-------------------------------

Any help and / or advice is much appreciated.

Regards, Toker

Edited by admin, 08 August 2010 - 12:55 PM.
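
Added example, not part of the original post and not a GMER component: a small Python triage helper for GMER output in the format of the log above. GMER names the owning driver (and vendor) only when it can map a hook's target address to a loaded module; the eight registry and thread hooks at F7B1DDEC-F7B1DE14 and the device ECFB5C8A carry no such attribution, and those are the lines an analyst reads first, because the log alone cannot say which image owns them. The helper groups SSDT hooks by module, profiles which service families the unattributed hooks cover, and reports whether their targets sit in one small range with a constant stride (here 5 bytes, which is what a table of fixed-size stubs in a single image looks like). The sample lines are copied from the log above (a subset); the `Hook` class, the function names and the `family` buckets are this example's own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from math import gcd
from typing import Optional

# Lines copied from the GMER "System" and "Devices" sections in post #1
# (a subset, not the whole log). The parser accepts the full log as-is.
GMER_SAMPLE = r"""
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xEDE703E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEDFCD534]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xEDE7DDD0]
SSDT F7B1DDF6 ZwCreateKey
SSDT F7B1DDEC ZwCreateThread
SSDT F7B1DDFB ZwDeleteKey
SSDT F7B1DE05 ZwDeleteValueKey
SSDT F7B1DE0A ZwLoadKey
SSDT F7B1DE14 ZwReplaceKey
SSDT F7B1DE0F ZwRestoreKey
SSDT F7B1DE00 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xEDE70A30]
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device ECFB5C8A
"""

# GMER prints a module path plus vendor when it can map the hook target to a
# loaded driver, and only a bare 32-bit address when it cannot.
SSDT_ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
DEVICE_BARE = re.compile(r"^Device\s+(?P<name>[0-9A-Fa-f]{8})$")


@dataclass
class Hook:
    func: str
    addr: int
    module: Optional[str]  # file name of the hooking driver, None if GMER gave none
    vendor: Optional[str]


def parse_gmer(text: str):
    """Return (ssdt_hooks, unnamed_devices) parsed from GMER log text."""
    hooks, unnamed_devices = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_ATTRIBUTED.match(line):
            hooks.append(Hook(m["func"], int(m["addr"], 16),
                              m["module"].rsplit("\\", 1)[-1], m["vendor"]))
        elif m := SSDT_BARE.match(line):
            hooks.append(Hook(m["func"], int(m["addr"], 16), None, None))
        elif m := DEVICE_BARE.match(line):
            unnamed_devices.append(m["name"])
    return hooks, unnamed_devices


def hooks_by_module(hooks):
    """Which driver hooks which services; bare-address hooks land under '<unattributed>'."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h.module or "<unattributed>"].append(h.func)
    return dict(grouped)


def family(func: str) -> str:
    """Coarse bucket for what a hooked Zw* service operates on (example's own scheme)."""
    if "Key" in func:
        return "registry"
    if "Process" in func or "Thread" in func:
        return "process/thread"
    if "File" in func:
        return "file"
    if "VirtualMemory" in func or "Section" in func:
        return "memory"
    return "other"


def unattributed_profile(hooks):
    """Count service families among the hooks GMER could not attribute to a module."""
    return dict(Counter(family(h.func) for h in hooks if h.module is None))


def unattributed_range(hooks):
    """(lowest, highest, stride) over bare-address hook targets, or None.
    A tight range with a constant stride means the targets are entries in one
    table of fixed-size stubs inside a single, still unidentified, image."""
    addrs = sorted(h.addr for h in hooks if h.module is None)
    if not addrs:
        return None
    stride = 0
    for a, b in zip(addrs, addrs[1:]):
        stride = gcd(stride, b - a)
    return addrs[0], addrs[-1], stride


if __name__ == "__main__":
    hooks, devs = parse_gmer(GMER_SAMPLE)
    for mod, funcs in hooks_by_module(hooks).items():
        print(f"{mod}: {', '.join(funcs)}")
    print("unattributed profile:", unattributed_profile(hooks))
    lo, hi, stride = unattributed_range(hooks)
    print(f"unattributed targets {lo:08X}-{hi:08X}, stride {stride} bytes")
    print("unnamed devices:", devs)
```

Run it as a script for the summary, or call `parse_gmer()` on a whole GMER log saved to a file. The output tells you what the unknown hooks do (here: seven registry services plus ZwCreateThread) and that they share one image; it does not tell you which driver that is, which is why the next step in a thread like this one is cross-referencing against the loaded driver list from a second tool.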

#2 SweetTech (Retired Staff, 7,671 posts)
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt (848 bytes) to your desktop.

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Then select Start OTL. OTL will now run

  • Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.

#3 TheToker (Topic Starter, Member, 19 posts)
Hi SweetTech, and thank you for your help.

I've followed your instructions but OTL still will not run for me. :)
The display blanks and when I click to start OTL nothing happens.
From trying to start OTL on its own (without using OTH) I can see in the task manager that it starts for two or three seconds and stops.

Toker.

#4 SweetTech (Retired Staff, 7,671 posts)
Okay. Let's try this:

Scanning with DDS

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt & Attach.txt reports in your next reply.

#5 TheToker (Topic Starter, Member, 19 posts)
OK, logs below.

DDS (Ver_10-03-17.01) - NTFSx86
Run by pato at 19:56:52.52 on 08/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.991.698 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: Norton Internet Security *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Wakoopa\Wakoopa.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\pato\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ie/
uWindow Title = Internet Explorer
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Wakoopa] c:\program files\wakoopa\Wakoopa.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270234859155
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270234818576
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = :\WINDOW
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pato\applic~1\mozilla\firefox\profiles\cjtwlznm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\pato\application data\mozilla\firefox\profiles\cjtwlznm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\pato\application data\mozilla\firefox\profiles\cjtwlznm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\pato\application data\mozilla\firefox\profiles\cjtwlznm.default\extensions\[email protected]\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pato\application data\mozilla\firefox\profiles\cjtwlznm.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\pato\application data\mozilla\firefox\profiles\cjtwlznm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining.maxrequests - 4
FF - user.js: ui.submenuDelay - 55
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2006-2-13 20699]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-7-17 28552]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2005-6-21 11264]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-16 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-7-14 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-7-14 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-7-14 29560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-5-25 532224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-16 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-16 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-16 60936]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-10 20968]
R2 MTC0005_MTCDIO;Wireless HotKey Driver;c:\windows\system32\drivers\MTCDIO.sys [1980-1-1 11316]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 135664]
S2 MTCDIO;MTCDIO;c:\windows\system32\drivers\MTCDIO.sys [1980-1-1 11316]
S2 OAcat;Online Armor Helper Service;"c:\program files\tall emu\online armor\oacat.exe" --> c:\program files\tall emu\online armor\OAcat.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe --> c:\program files\tall emu\online armor\oasrv.exe [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2006-9-12 160016]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\87.tmp --> c:\windows\system32\87.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 12872]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-08-07 17:18:58 0 d-----w- c:\program files\X-Setup Pro
2010-08-07 16:48:49 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-07 16:48:44 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-07 16:48:39 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-07 16:48:34 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-07 16:48:29 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-07 16:48:21 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-07 16:48:16 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-07 16:48:15 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-07 16:48:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-07 16:48:09 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-07 16:48:08 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-07 16:46:59 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
2010-08-07 16:45:59 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-08-07 16:44:55 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-07 16:44:50 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-07 16:44:46 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-07 16:44:41 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-07 16:44:36 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-07 16:44:31 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-07 16:44:26 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-07 16:44:20 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-07 16:44:16 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-07 16:44:14 44672 ----a-w- c:\windows\system32\dllcache\uagp35.sys
2010-08-07 16:44:08 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-07 16:44:07 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-08-07 16:44:01 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-07 16:42:56 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-07 16:41:57 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-08-07 16:41:53 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-08-07 16:41:48 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-08-07 16:41:44 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-08-07 16:41:42 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-08-07 16:41:38 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-08-07 16:41:33 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-08-07 16:41:29 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-08-07 16:41:24 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-08-07 16:41:18 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-08-07 16:41:12 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-08-07 16:41:12 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-08-07 16:41:06 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-07 16:39:59 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys
2010-08-07 16:38:58 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-08-07 16:37:59 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2010-08-07 16:36:56 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
2010-08-07 16:35:58 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2010-08-07 16:34:56 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-08-07 16:33:59 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys
2010-08-07 16:32:59 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-08-07 16:31:59 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2010-08-07 16:30:58 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2010-08-07 16:29:56 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-07 16:29:55 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-08-07 16:29:49 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-08-07 16:29:41 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-08-07 16:29:40 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2010-08-07 16:29:39 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-08-07 16:29:23 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-07 16:29:18 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-08-07 16:29:16 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-08-07 16:29:06 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-08-07 16:29:00 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-08-07 16:27:59 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2010-08-07 16:26:52 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2010-08-07 16:25:58 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
2010-08-07 16:24:59 1041536 ----a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-08-07 16:23:56 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2010-08-07 16:22:59 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
2010-08-07 16:21:59 27165 ----a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-08-07 16:20:57 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-08-07 16:19:58 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2010-08-07 16:18:59 102484 ----a-w- c:\windows\system32\dllcache\digiinf.dll
2010-08-07 16:17:59 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
2010-08-07 16:16:59 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2010-08-07 16:15:59 17279 ----a-w- c:\windows\system32\dllcache\atv10nt5.dll
2010-08-07 16:14:59 3711 ----a-w- c:\windows\system32\dllcache\adv09nt5.dll
2010-08-07 16:13:51 208896 ----a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2010-08-03 02:06:56 0 d-----w- c:\program files\common files\xing shared
2010-07-27 03:11:04 0 d-----w- c:\program files\Ask.com
2010-07-23 18:30:19 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-22 18:46:23 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-07-22 18:46:22 0 d-----w- c:\program files\Belarc
2010-07-21 12:37:18 65536 ----a-w- c:\windows\SmCfg.exe
2010-07-21 12:37:18 512000 ----a-w- c:\windows\system32\SLLights.dll
2010-07-21 12:37:18 434176 ----a-w- c:\windows\system32\slcpappl.cpl
2010-07-21 12:37:18 380928 ----a-w- c:\windows\system32\slmh.exe
2010-07-21 12:37:18 351388 ----a-w- c:\windows\system32\slmh.cab
2010-07-21 12:37:18 188416 ----a-w- c:\windows\system32\amr_cpl.dll
2010-07-21 12:37:18 167936 ----a-w- c:\windows\system32\minirec.exe
2010-07-21 12:37:18 14976 ----a-w- c:\windows\system32\drivers\winddx.sys
2010-07-21 12:37:18 138560 ----a-w- c:\windows\system32\slcpappl.chm
2010-07-21 11:57:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:29:13 159744 ----a-w- c:\windows\system32\igfxres.dll
2010-07-17 07:46:07 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-17 07:44:55 0 d-----w- c:\program files\Panda Security
2010-07-17 00:32:29 0 d-----w- c:\program files\ESET
2010-07-14 01:28:46 0 d-----w- c:\docume~1\pato\applic~1\OnlineArmor
2010-07-14 01:28:46 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2010-07-14 01:28:06 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-07-14 01:28:05 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-07-14 01:28:04 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys

==================== Find3M ====================

2010-08-08 18:47:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-07 00:17:38 821280 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-08-07 00:17:38 108344 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-08-07 00:17:37 481508 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-08-07 00:17:37 30171936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:30:28 743936 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-05-20 17:10:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-02-23 10:40:33 109 --sha-w- c:\windows\system32\548655288.dat

============= FINISH: 20:03:00.37 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 16/05/2006 16:17:54
System Uptime: 08/08/2010 19:27:34 (1 hours ago)

Motherboard: NEC COMPUTERS INTERNATIONAL | | Rhea B
Processor: Intel® Celeron® M processor 1.50GHz | mPGA478 | 1496/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 43 GiB total, 13.058 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP132: 07/08/2010 22:42:57 - System Checkpoint
RP133: 07/08/2010 22:43:02 - System Checkpoint
RP134: 07/08/2010 22:43:06 - Installed Sophos Windows Shortcut Exploit Protection Tool.
RP135: 07/08/2010 22:43:10 - System Checkpoint
RP136: 06/08/2010 23:20:26 - Installed Java™ 6 Update 21
RP137: 07/08/2010 18:58:43 - Rollback to an unsigned driver
RP138: 07/08/2010 19:00:37 - Rollback to an unsigned driver
RP139: 08/08/2010 03:04:36 - Before uninstall O&O Defrag Professional
RP140: 08/08/2010 03:05:05 - Removed O&O Defrag Professional.

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Ask Toolbar
µTorrent
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 8.1
Bonjour
Canon MP Drivers
CCleaner
ConvertXtoDVD 3.5.1.135
CPUID CPU-Z 1.54
CPUID HWMonitor 1.15
CS_Manager
DFX for RealPlayer
DFX for Windows Media Player
DivX Content Uploader
DivX Setup
Driver Genius Professional Edition
EPSON CardMonitor
EPSON Copy Utility 3
ERUNT 1.1j
ESET Online Scanner v3
EVEREST Ultimate Edition v5.50
Foxit Reader
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPL Ghostscript 8.71
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Image Transfer
InstallIQ Updater
Intel® Extreme Graphics 2 Driver
InterActual Player
InterVideo DVDCopy 4
IrfanView (remove only)
IsoBuster 2.8
Java Auto Updater
Java™ 6 Update 21
Just Great Software EditPad Lite 6.6.4
Kels' CPL Bonus Pack!
LG USB Modem driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Orbit Downloader
Packard Bell InfoCentre
Panda ActiveScan 2.0
PIF DESIGNER2.1
PIXELA ImageMixer
QuickTime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.0
Roxio Easy Media Creator 8 Suite
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Smart Link 56K Modem
Sonic RecordNow!
Sony Picture Utility
Sony USB Driver
SopCast 3.2.4
Sophos Anti-Rootkit 1.5.4
Sophos Windows Shortcut Exploit Protection Tool
Spybot - Search & Destroy
SpywareBlaster 4.3
SUPERAntiSpyware Free Edition
System Requirements Lab for Intel
TuneUp Utilities 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
VC80CRTRedist - 8.0.50727.4053
VDMSound
Veetle TV 0.9.17
Visual C++ CRT 8.0
VLC media player 1.1.2
Wakoopa
WebFldrs XP
What's Running 3.0
Winamp
Winamp Detector Plug-in
WinAVI Video Converter
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Winrar 3.93
XQDC X-Setup Pro 9.2.100
Your Uninstaller! 2008 Version 6.0
ZoneAlarm
Zune Desktop Theme

==== Event Viewer Messages From Past Week ========

08/08/2010 19:57:00, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
08/08/2010 19:22:48, error: Service Control Manager [7034] - The TuneUp Program Statistics Service service terminated unexpectedly. It has done this 1 time(s).
08/08/2010 19:22:48, error: Service Control Manager [7034] - The SmartLinkService service terminated unexpectedly. It has done this 1 time(s).
08/08/2010 19:22:48, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
08/08/2010 03:05:08, error: Service Control Manager [7034] - The O&O Defrag Agent service terminated unexpectedly. It has done this 1 time(s).
07/08/2010 19:34:26, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
07/08/2010 18:54:55, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
07/08/2010 17:48:51, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
07/08/2010 17:42:38, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\drivers\tcpip.sys has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
07/08/2010 17:42:37, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\drivers\tcpip.sys has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.3394.
07/08/2010 17:35:38, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\rasmans.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2908.
07/08/2010 17:35:38, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\rasmans.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
07/08/2010 17:13:36, information: Windows File Protection [64016] - Windows File Protection file scan was started.
07/08/2010 10:05:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
05/08/2010 21:10:33, error: Service Control Manager [7000] - The Online Armor service failed to start due to the following error: The system cannot find the file specified.
05/08/2010 21:10:33, error: Service Control Manager [7000] - The Online Armor Helper Service service failed to start due to the following error: The system cannot find the path specified.
05/08/2010 21:10:33, error: Service Control Manager [7000] - The MTCDIO service failed to start due to the following error: The system cannot find the file specified.
05/08/2010 21:09:18, error: iviVD [9] - The device, \Device\Scsi\iviVD1, did not respond within the timeout period.
04/08/2010 21:47:10, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
04/08/2010 21:13:21, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
04/08/2010 00:39:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/08/2010 23:43:38, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb BANTExt cdudf_xp Fips intelppm kl1 OADevice pavboot RxFilter SASDIFSV SASKUTIL ssmdrv
03/08/2010 18:18:55, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/08/2010 18:18:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
02/08/2010 22:19:15, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TuneUp.ProgramStatisticsSvc service.
01/08/2010 20:49:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
01/08/2010 20:49:40, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

==== End Of File ===========================


Many thanks..

Edited by TheToker, 08 August 2010 - 01:14 PM.


#6
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
What is going on with all of these security programs that you have installed? Do you have an active subscription to any of these? It's not a good idea to have more than one anti-virus program and more than one firewall program.

The issues you are experiencing could be due to your security programs conflicting with one another.

While I'm reviewing your logs, can you please comment on what is going on with all of them, and which one you plan on keeping?

#7
TheToker
    Member
  • Topic Starter
  • Member
  • 19 posts


High. I'm only using ZoneAlarm and Avira.
There should be nothing else running except those two..
Below is my start up list from CCleaner.

Yes HKCU:Run swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKCU:Run Wakoopa C:\Program Files\Wakoopa\Wakoopa.exe
Yes HKLM:Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Yes HKLM:Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run ZoneAlarm Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Yes HKLM:Run avgnt "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

Cheers..

#8
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Okay.

They probably didn't get uninstalled properly.

Let's run the removal tools for them then:

Remove Norton Tool

ONLY if you don't have an active subscription, use below link to uninstall Norton.

Please click HERE and follow the instructions to download and run the Norton Removal Tool for your own version.

It is strongly recommended that you run only one anti-virus program at a time. Having more than one anti-virus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


NEXT:



Uninstall McAfee
1) Click on Start > Control Panel
2) Double-click on Add or Remove Programs
3) Find McAfee SecurityCenter
4) Click on Change/Remove
5) Place a checkmark next to each McAfee product listed and then click Remove.
6) You will see a warning message. Click on the Remove button.
7) The removal process will start showing each program being removed, then it will ask to restart the computer. Go ahead and reboot after the removal process is finished.
8) After rebooting McAfee should be removed from your system.




Please attempt to see if you're able to run OTL after doing the above.

#9
TheToker
    Member
  • Topic Starter
  • Member
  • 19 posts
Ok, I've run the Norton Removal Tool and all went ok.
Something strange though, I don't have McAfee on my PC. There is no sign of it
in the add/remove programs list and no McAfee folder in Program Files.. :)

Thanks for your ongoing help..

EDIT: OTL still won't run..

Edited by TheToker, 08 August 2010 - 02:04 PM.


#10
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.



#11
TheToker
    Member
  • Topic Starter
  • Member
  • 19 posts
That took a long time to finish..

ComboFix 10-08-08.01 - pato 08/08/2010 21:24:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.991.545 [GMT 1:00]
Running from: c:\documents and settings\pato\Desktop\ComboFix.exe
AV: *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pato\Application Data\inst.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\548655288.dat
c:\windows\system32\cks
c:\windows\system32\dtw5d
c:\windows\system32\dtw5d\avgtray_UAs001.dat
c:\windows\system32\dtw5d\ccsetup230_UAs001.dat
c:\windows\system32\dtw5d\dfsetup117_UAs001.dat
c:\windows\system32\dtw5d\divx player_UAs001.dat
c:\windows\system32\dtw5d\firefox_UAs002.dat
c:\windows\system32\dtw5d\firefox_UAs003.dat
c:\windows\system32\dtw5d\fsonlinescanner_UAs001.dat
c:\windows\system32\dtw5d\googletoolbarnotifier_UAs003.dat
c:\windows\system32\dtw5d\housecall_UAs001.dat
c:\windows\system32\dtw5d\iexplore_UAs013.dat
c:\windows\system32\dtw5d\iexplore_UAs014.dat
c:\windows\system32\dtw5d\iexplore_UAs015.dat
c:\windows\system32\dtw5d\javaw_UAs001.dat
c:\windows\system32\dtw5d\jxpiinstall-rv_UAs001.dat
c:\windows\system32\dtw5d\jxpiinstall-rv_UAs002.dat
c:\windows\system32\dtw5d\jxpiinstall-rv_UAs003.dat
c:\windows\system32\dtw5d\realplay_UAs001.dat
c:\windows\system32\dtw5d\realplay_UAs002.dat
c:\windows\system32\dtw5d\realplay_UAs003.dat
c:\windows\system32\dtw5d\setup_wm_UAs001.dat
c:\windows\system32\dtw5d\sopcast_UAs001.dat
c:\windows\system32\dtw5d\sopcast_UAs002.dat
c:\windows\system32\dtw5d\spywareblaster_UAs003.dat
c:\windows\system32\dtw5d\stub_UAs001.dat
c:\windows\system32\dtw5d\update_UAs001.dat
c:\windows\system32\dtw5d\utorrent_UAs001.dat
c:\windows\system32\dtw5d\wmplayer_UAs001.dat
c:\windows\system32\dtw5d\xpnetdiag_UAs002.dat
c:\windows\system32\dtw5d\zlclient_UAs002.dat
c:\windows\system32\srvblck.tmp
c:\windows\system32\UAs
c:\windows\system32\UAs\5_odb_UAs001.dat
c:\windows\system32\UAs\acrord32_UAs001.dat
c:\windows\system32\UAs\AcroRd32_UAs002.dat
c:\windows\system32\UAs\avgtray_UAs001.dat
c:\windows\system32\UAs\ccleaner_UAs001.dat
c:\windows\system32\UAs\ccleaner_UAs002.dat
c:\windows\system32\UAs\ccsetup230_UAs001.dat
c:\windows\system32\UAs\defraggler_UAs001.dat
c:\windows\system32\UAs\defraggler_UAs002.dat
c:\windows\system32\UAs\dfsetup117_UAs001.dat
c:\windows\system32\UAs\divx player_UAs001.dat
c:\windows\system32\UAs\Download_UAs001.dat
c:\windows\system32\UAs\Download_UAs002.dat
c:\windows\system32\UAs\Explorer_UAs001.dat
c:\windows\system32\UAs\firefox_UAs001.dat
c:\windows\system32\UAs\firefox_UAs002.dat
c:\windows\system32\UAs\firefox_UAs003.dat
c:\windows\system32\UAs\fsonlinescanner_UAs001.dat
c:\windows\system32\UAs\GoogleToolbarNotifier_UAs001.dat
c:\windows\system32\UAs\googletoolbarnotifier_UAs002.dat
c:\windows\system32\UAs\googletoolbarnotifier_UAs003.dat
c:\windows\system32\UAs\gtb43F5.tmp_UAs001.dat
c:\windows\system32\UAs\helpctr_UAs001.dat
c:\windows\system32\UAs\housecall_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs001.dat
c:\windows\system32\UAs\IEXPLORE_UAs002.dat
c:\windows\system32\UAs\iexplore_UAs003.dat
c:\windows\system32\UAs\iexplore_UAs004.dat
c:\windows\system32\UAs\iexplore_UAs005.dat
c:\windows\system32\UAs\iexplore_UAs006.dat
c:\windows\system32\UAs\iexplore_UAs007.dat
c:\windows\system32\UAs\iexplore_UAs008.dat
c:\windows\system32\UAs\iexplore_UAs009.dat
c:\windows\system32\UAs\iexplore_UAs010.dat
c:\windows\system32\UAs\iexplore_UAs011.dat
c:\windows\system32\UAs\iexplore_UAs012.dat
c:\windows\system32\UAs\iexplore_UAs013.dat
c:\windows\system32\UAs\iexplore_UAs014.dat
c:\windows\system32\UAs\iexplore_UAs015.dat
c:\windows\system32\UAs\javaw_UAs001.dat
c:\windows\system32\UAs\jinstall_UAs001.dat
c:\windows\system32\UAs\jinstall_UAs002.dat
c:\windows\system32\UAs\jinstall_UAs003.dat
c:\windows\system32\UAs\jre-6u11-windows-i586-p-s_UAs001.dat
c:\windows\system32\UAs\jre-6u11-windows-i586-p-s_UAs002.dat
c:\windows\system32\UAs\jusched_UAs001.dat
c:\windows\system32\UAs\jusched_UAs002.dat
c:\windows\system32\UAs\jxpiinstall-rv_UAs001.dat
c:\windows\system32\UAs\jxpiinstall-rv_UAs002.dat
c:\windows\system32\UAs\jxpiinstall-rv_UAs003.dat
c:\windows\system32\UAs\mbam_UAs001.dat
c:\windows\system32\UAs\mbam_UAs002.dat
c:\windows\system32\UAs\mbam_UAs003.dat
c:\windows\system32\UAs\msiexec_UAs001.dat
c:\windows\system32\UAs\msiexec_UAs002.dat
c:\windows\system32\UAs\odb_UAs001.dat
c:\windows\system32\UAs\psi_UAs001.dat
c:\windows\system32\UAs\psi_UAs002.dat
c:\windows\system32\UAs\q1_UAs001.dat
c:\windows\system32\UAs\q2_UAs001.dat
c:\windows\system32\UAs\realplay_UAs001.dat
c:\windows\system32\UAs\realplay_UAs002.dat
c:\windows\system32\UAs\realplay_UAs003.dat
c:\windows\system32\UAs\runsql_UAs001.dat
c:\windows\system32\UAs\sbsd162upd_UAs001.dat
c:\windows\system32\UAs\sdnotify_UAs001.dat
c:\windows\system32\UAs\sdnotify_UAs002.dat
c:\windows\system32\UAs\setup_UAs001.dat
c:\windows\system32\UAs\setup_wm_UAs001.dat
c:\windows\system32\UAs\sopcast_UAs001.dat
c:\windows\system32\UAs\sopcast_UAs002.dat
c:\windows\system32\UAs\spybotsd162_UAs001.dat
c:\windows\system32\UAs\spywareblaster_UAs001.dat
c:\windows\system32\UAs\spywareblaster_UAs002.dat
c:\windows\system32\UAs\spywareblaster_UAs003.dat
c:\windows\system32\UAs\ssupdate_UAs001.dat
c:\windows\system32\UAs\stub_UAs001.dat
c:\windows\system32\UAs\SUPERAntiSpyware_UAs001.dat
c:\windows\system32\UAs\SUPERAntiSpyware_UAs002.dat
c:\windows\system32\UAs\superantispyware_UAs003.dat
c:\windows\system32\UAs\sv_UAs001.dat
c:\windows\system32\UAs\svc_UAs001.dat
c:\windows\system32\UAs\svchost_UAs001.dat
c:\windows\system32\UAs\svchost_UAs002.dat
c:\windows\system32\UAs\svchost_UAs003.dat
c:\windows\system32\UAs\svhoster_UAs001.dat
c:\windows\system32\UAs\svzip_UAs001.dat
c:\windows\system32\UAs\teste1_p_UAs001.dat
c:\windows\system32\UAs\teste2_p_UAs001.dat
c:\windows\system32\UAs\teste3_p_UAs001.dat
c:\windows\system32\UAs\teste4_p_UAs001.dat
c:\windows\system32\UAs\UAs001.dat
c:\windows\system32\UAs\UAs002.dat
c:\windows\system32\UAs\UAs003.dat
c:\windows\system32\UAs\update_UAs001.dat
c:\windows\system32\UAs\utorrent_UAs001.dat
c:\windows\system32\UAs\wgatray_UAs001.dat
c:\windows\system32\UAs\wmplayer_UAs001.dat
c:\windows\system32\UAs\xpnetdiag_UAs001.dat
c:\windows\system32\UAs\xpnetdiag_UAs002.dat
c:\windows\system32\UAs\zlclient_UAs001.dat
c:\windows\system32\UAs\zlclient_UAs002.dat

.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-07 21:24 . 2010-08-07 21:24 -------- d-----w- c:\program files\ERUNT
2010-08-07 17:18 . 2010-08-07 17:19 -------- d-----w- c:\program files\X-Setup Pro
2010-08-07 16:48 . 2004-08-03 23:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-07 16:48 . 2001-08-17 21:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-07 16:48 . 2001-08-17 21:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-07 16:48 . 2001-08-17 21:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-07 16:48 . 2001-08-17 21:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-07 16:48 . 2001-08-17 21:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-07 16:48 . 2001-08-17 11:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-07 16:48 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-07 16:48 . 2004-08-03 22:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-07 16:48 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-07 16:48 . 2004-08-03 23:56 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-07 16:46 . 2004-08-03 21:29 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
2010-08-07 16:45 . 2004-08-03 23:56 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-08-07 16:44 . 2001-08-17 21:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-07 16:44 . 2001-08-17 21:36 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-07 16:44 . 2001-08-17 21:36 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-07 16:44 . 2001-08-17 21:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-07 16:44 . 2001-08-17 12:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-07 16:44 . 2001-08-17 21:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-07 16:44 . 2001-08-17 21:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-07 16:44 . 2001-08-17 21:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-07 16:44 . 2001-08-17 21:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-07 16:44 . 2004-08-03 22:07 44672 ----a-w- c:\windows\system32\dllcache\uagp35.sys
2010-08-07 16:44 . 2001-08-17 12:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-07 16:44 . 2004-08-04 13:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-08-07 16:44 . 2001-08-17 11:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-07 16:42 . 2001-08-17 11:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-07 16:41 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-08-07 16:41 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-08-07 16:41 . 2001-08-17 21:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-08-07 16:41 . 2001-08-17 21:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-08-07 16:41 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-08-07 16:41 . 2001-08-17 21:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-08-07 16:41 . 2001-08-17 21:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-08-07 16:41 . 2001-08-17 11:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-08-07 16:41 . 2001-08-17 12:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-08-07 16:41 . 2001-08-17 11:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-08-07 16:41 . 2004-08-04 13:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-08-07 16:41 . 2001-08-17 21:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-08-07 16:41 . 2001-08-17 21:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-07 16:39 . 2004-08-03 22:07 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys
2010-08-07 16:38 . 2001-08-17 11:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-08-07 16:37 . 2001-08-17 12:53 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2010-08-07 16:36 . 2001-08-17 21:36 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
2010-08-07 16:35 . 2004-08-03 21:59 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2010-08-07 16:34 . 2001-08-17 12:28 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-08-07 16:33 . 2001-08-17 13:04 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys
2010-08-07 16:32 . 2001-08-17 21:36 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-08-07 16:31 . 2001-08-17 21:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2010-08-07 16:30 . 2001-08-17 13:56 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2010-08-07 16:29 . 2004-08-03 21:58 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-07 16:29 . 2004-08-03 22:10 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-08-07 16:29 . 2001-08-17 12:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-08-07 16:29 . 2001-08-17 13:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-08-07 16:29 . 2004-08-04 13:00 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2010-08-07 16:29 . 2004-08-03 22:00 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-08-07 16:29 . 2001-08-17 13:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-07 16:29 . 2001-08-17 12:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-08-07 16:29 . 2004-08-03 22:10 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-08-07 16:29 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-08-07 16:29 . 2001-08-17 12:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-08-07 16:27 . 2004-08-03 21:41 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2010-08-07 16:26 . 2004-08-04 13:00 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2010-08-07 16:25 . 2001-08-17 13:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
2010-08-07 16:24 . 2004-08-03 21:41 1041536 ----a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-08-07 16:23 . 2001-08-17 21:36 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2010-08-07 16:22 . 2001-08-17 12:51 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
2010-08-07 16:21 . 2001-08-17 11:13 27165 ----a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-08-07 16:20 . 2001-08-17 11:19 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-08-07 16:19 . 2001-08-17 11:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2010-08-07 16:18 . 2001-08-17 21:36 102484 ----a-w- c:\windows\system32\dllcache\digiinf.dll
2010-08-07 16:17 . 2001-08-17 11:19 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
2010-08-07 16:16 . 2001-08-17 21:36 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2010-08-07 16:15 . 2004-08-03 23:56 17279 ----a-w- c:\windows\system32\dllcache\atv10nt5.dll
2010-08-07 16:14 . 2004-08-03 23:56 3711 ----a-w- c:\windows\system32\dllcache\adv09nt5.dll
2010-08-07 16:13 . 2003-03-24 15:52 208896 ----a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2010-08-06 22:22 . 2010-08-06 22:22 -------- d-----w- c:\program files\Common Files\Java
2010-08-03 22:05 . 2010-08-03 22:07 -------- d-----w- c:\documents and settings\pato\Local Settings\Application Data\AskToolbar
2010-08-03 02:06 . 2010-08-03 02:06 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-30 00:05 . 2010-05-20 17:10 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-07-30 00:05 . 2010-05-20 17:10 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-07-27 03:11 . 2010-07-27 03:11 -------- d-----w- c:\program files\Ask.com
2010-07-23 18:30 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-22 18:46 . 2008-02-27 12:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-07-22 18:46 . 2010-07-22 18:46 -------- d-----w- c:\program files\Belarc
2010-07-21 12:37 . 2003-10-29 12:34 14976 ----a-w- c:\windows\system32\drivers\winddx.sys
2010-07-21 12:37 . 2003-10-29 11:54 512000 ----a-w- c:\windows\system32\SLLights.dll
2010-07-21 12:37 . 2003-10-29 11:47 65536 ----a-w- c:\windows\SmCfg.exe
2010-07-21 12:37 . 2003-10-29 11:19 380928 ----a-w- c:\windows\system32\slmh.exe
2010-07-21 12:37 . 2003-10-29 10:52 188416 ----a-w- c:\windows\system32\amr_cpl.dll
2010-07-21 12:37 . 2003-10-29 10:51 167936 ----a-w- c:\windows\system32\minirec.exe
2010-07-21 11:57 . 2010-08-07 02:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:29 . 2004-07-01 11:03 159744 ----a-w- c:\windows\system32\igfxres.dll
2010-07-17 07:46 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-17 07:44 . 2010-07-17 07:44 -------- d-----w- c:\program files\Panda Security
2010-07-17 00:32 . 2010-07-17 00:32 -------- d-----w- c:\program files\ESET
2010-07-14 01:28 . 2010-07-27 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-07-14 01:28 . 2010-07-14 01:28 -------- d-----w- c:\documents and settings\pato\Application Data\OnlineArmor
2010-07-14 01:28 . 2010-04-20 03:13 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-07-14 01:28 . 2010-04-20 03:13 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-07-14 01:28 . 2010-04-20 03:13 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 20:08 . 2008-06-21 17:56 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-08 13:59 . 2008-06-20 23:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-07 17:18 . 2010-06-08 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\X-Setup Pro
2010-08-07 00:17 . 2006-09-11 23:09 821280 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-08-07 00:17 . 2006-09-11 23:09 108344 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-08-07 00:17 . 2006-09-11 23:09 481508 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-08-07 00:17 . 2006-09-11 23:09 30171936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-08-06 22:21 . 2009-01-02 22:43 -------- d-----w- c:\program files\Java
2010-08-06 22:19 . 2009-02-17 23:01 -------- d-----w- c:\documents and settings\pato\Application Data\Orbit
2010-08-06 03:13 . 2010-04-03 00:40 -------- d-----w- c:\documents and settings\pato\Application Data\QuickScan
2010-08-03 22:28 . 2009-01-02 23:07 -------- d-----w- c:\program files\Sophos
2010-08-03 02:08 . 2006-05-16 23:01 -------- d-----w- c:\program files\Common Files\Real
2010-08-03 02:07 . 2010-05-02 21:23 -------- d-----w- c:\program files\real
2010-08-01 18:38 . 2010-04-03 13:51 -------- d-----w- c:\documents and settings\pato\Application Data\uTorrent
2010-07-31 16:43 . 2010-04-03 13:51 -------- d-----w- c:\program files\uTorrent
2010-07-29 04:40 . 2007-11-04 22:15 -------- d-----w- c:\program files\CCleaner
2010-07-27 03:11 . 2010-05-29 12:42 -------- d-----w- c:\documents and settings\pato\Application Data\Foxit Software
2010-07-27 03:10 . 2010-04-08 22:10 -------- d-----w- c:\program files\Foxit Software
2010-07-24 03:23 . 2009-01-01 23:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-24 03:21 . 2007-11-04 18:47 -------- d-----w- c:\program files\SpywareBlaster
2010-07-21 12:26 . 2008-08-08 12:33 -------- d-----w- c:\program files\Common Files\Apple
2010-07-18 13:00 . 2006-09-09 12:17 -------- d-----w- c:\program files\SopCast
2010-07-18 01:37 . 2010-05-08 14:12 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-17 04:00 . 2010-04-28 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 23:07 . 2006-05-17 10:08 -------- d-----w- c:\program files\DivX
2010-07-13 03:41 . 2010-05-19 02:14 -------- d-----w- c:\program files\Winamp
2010-07-13 03:41 . 2010-04-05 00:41 -------- d-----w- c:\documents and settings\pato\Application Data\Winamp
2010-07-13 03:41 . 2010-04-05 00:41 -------- d-----w- c:\program files\Winamp Detect
2010-07-01 23:29 . 2010-07-01 23:29 -------- d-----w- c:\program files\Realtek AC97
2010-07-01 23:03 . 2010-07-01 23:03 -------- d-----w- c:\program files\Driver-Soft
2010-07-01 19:06 . 2010-06-12 17:20 -------- d-----w- c:\program files\Winrar 3.71
2010-06-27 23:03 . 2008-12-29 23:43 -------- d-----w- c:\documents and settings\pato\Application Data\vlc
2010-06-27 22:53 . 2010-06-08 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-27 14:05 . 2010-04-19 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2010-06-27 14:05 . 2006-05-16 23:36 -------- d-----w- c:\program files\DFX
2010-06-27 14:05 . 2006-05-16 23:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-24 22:09 . 2010-04-17 22:37 -------- d-----w- c:\program files\WhatsRunning
2010-06-22 07:55 . 2010-05-25 18:59 -------- d-----w- c:\program files\CheckPoint
2010-06-20 17:40 . 2009-03-23 18:58 -------- d-----w- c:\program files\LG PC Suite 2
2010-06-20 17:34 . 2010-06-20 17:34 -------- d-----w- c:\documents and settings\pato\Application Data\InstallShield
2010-06-16 21:33 . 2010-06-16 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-06-13 15:11 . 2010-06-02 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-12 19:10 . 2009-03-22 09:21 -------- d-----w- c:\documents and settings\pato\Application Data\DivX
2010-06-12 17:33 . 2010-06-12 17:33 -------- d-----w- c:\program files\Soft Gold
2010-06-12 16:46 . 2008-08-16 15:32 -------- d-----w- c:\program files\Sony Ericsson
2010-06-12 16:09 . 2010-06-12 16:09 -------- d-----w- c:\program files\Bonjour
2010-05-26 22:36 . 2006-05-22 14:13 59552 ----a-w- c:\documents and settings\pato\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-20 17:10 . 2010-05-25 18:59 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 68856]
"Wakoopa"="c:\program files\Wakoopa\Wakoopa.exe" [2009-03-25 573440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 503808]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-02 18:06 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17/07/2010 08:46 28552]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [21/06/2005 16:33 11264]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [14/07/2010 02:28 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [14/07/2010 02:28 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [14/07/2010 02:28 29560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 12:06 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 12:05 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16/05/2010 23:00 135336]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [10/05/2010 01:51 20968]
R2 MTC0005_MTCDIO;Wireless HotKey Driver;c:\windows\system32\drivers\MTCDIO.sys [01/01/1980 11316]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2010 17:59 135664]
S2 MTCDIO;MTCDIO;c:\windows\system32\drivers\MTCDIO.sys [01/01/1980 11316]
S2 OAcat;Online Armor Helper Service;"c:\program files\Tall Emu\Online Armor\OAcat.exe" --> c:\program files\Tall Emu\Online Armor\OAcat.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe --> c:\program files\Tall Emu\Online Armor\oasrv.exe [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\87.tmp --> c:\windows\system32\87.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 12:06 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
mysee2 REG_MULTI_SZ Mysee2_Runtime
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-08-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-05 22:55]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 16:59]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 16:59]

2010-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3803457823-4046035089-815174764-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3803457823-4046035089-815174764-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-05-22 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 13:00]

2010-08-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ie/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining.maxrequests - 4
FF - user.js: ui.submenuDelay - 55
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 21:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asp.net]
"ImagePath"="c:\program files\Common Files\Microsoft Shared\MSINFO\asp.net"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\87.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3803457823-4046035089-815174764-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62FF04BF-1313-8A89-0005-E696211810F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"habnnemeigonabba"=hex:6b,61,62,63,6a,65,64,6f,63,61,6b,6d,62,65,6e,64,6e,62,
69,62,67,65,00,00
"jadomkcpfbpifpjldgcf"=hex:6b,61,62,63,6a,65,64,6f,63,61,6b,6d,62,65,6e,64,6e,
62,69,62,67,65,00,00
"fadlbikbefke"=hex:69,61,66,61,61,67,6f,6d,6c,67,6b,70,70,66,70,69,6f,6d,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\program files\superantispyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2804)
c:\windows\system32\WININET.dll
c:\program files\Sophos\Windows Shortcut Exploit Protection Tool\SophosLinkIconHandler32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-08 21:55:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-08 20:55

Pre-Run: 13,866,729,472 bytes free
Post-Run: 13,697,941,504 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 3DB193C65C7697D3E605AC02874FBFB4


Many thanks for your help.

#12
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I am going to go ahead and clean up some of the leftover security program files manually, as it doesn't look like Online Armor was removed completely.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::

File::
c:\windows\system32\drivers\OAmon.sys
c:\windows\system32\drivers\OAnet.sys
c:\windows\system32\drivers\OADriver.sys
c:\windows\system32\drivers\OADriver.sys
c:\windows\system32\drivers\OAmon.sys
c:\windows\system32\drivers\OAnet.sys
c:\program files\Tall Emu\Online Armor\OAcat.exe
c:\program files\Tall Emu\Online Armor\oasrv.exe

Folder::
c:\documents and settings\All Users\Application Data\OnlineArmor
c:\documents and settings\pato\Application Data\OnlineArmor

Driver::
OADevice
OAmon
OAnet
OAcat
SvcOnlineArmor

SecCenter::
AV: *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

Firefox::
FF - ProfilePath - c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\
FF - prefs.js: network.proxy.type - 4

RegLockDel::
[HKEY_USERS\S-1-5-21-3803457823-4046035089-815174764-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62FF04BF-1313-8A89-0005-E696211810F7}*]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
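An added check, not part of this thread or of ComboFix itself: it parses the CFScript above and compares its File::, Folder:: and Driver:: entries with the "Other Deletions" and "Drivers/Services" sections of the ComboFix log posted in reply #13, so you can see what the script asked for versus what the log confirms. The sample script and log excerpt are constructed from this thread; the section format (a `Name::` line opens a section, following non-blank lines are its entries) is an assumption taken from the script shown here.

```python
"""Sanity-check a ComboFix CFScript against the log ComboFix produces (added
example for this thread, not ComboFix's own code). Assumed format, taken from
the script above: a `Name::` line opens a section; following non-blank lines
are its entries until the next header."""
import re

# Constructed from the CFScript in post #12 (duplicate .sys entries kept on purpose).
CFSCRIPT = r"""KillAll::

File::
c:\windows\system32\drivers\OAmon.sys
c:\windows\system32\drivers\OAnet.sys
c:\windows\system32\drivers\OADriver.sys
c:\windows\system32\drivers\OADriver.sys
c:\windows\system32\drivers\OAmon.sys
c:\windows\system32\drivers\OAnet.sys
c:\program files\Tall Emu\Online Armor\OAcat.exe
c:\program files\Tall Emu\Online Armor\oasrv.exe

Folder::
c:\documents and settings\All Users\Application Data\OnlineArmor
c:\documents and settings\pato\Application Data\OnlineArmor

Driver::
OADevice
OAmon
OAnet
OAcat
SvcOnlineArmor
"""

# Constructed excerpt of the ComboFix log from post #13 (deletion sections only).
COMBOFIX_LOG = r"""((((( Other Deletions )))))
c:\documents and settings\All Users\Application Data\OnlineArmor
c:\documents and settings\pato\Application Data\OnlineArmor
c:\windows\system32\drivers\OADriver.sys
c:\windows\system32\drivers\OAmon.sys
c:\windows\system32\drivers\OAnet.sys
((((( Drivers/Services )))))
-------\Legacy_OACAT
-------\Service_OAcat
-------\Service_OADevice
-------\Service_OAmon
-------\Service_OAnet
-------\Service_SvcOnlineArmor
"""

HEADER = re.compile(r"^(\w+)::\s*$")

def parse_cfscript(text):
    """Return {section: [entries]} in script order. Duplicates are kept so they
    can be reported; a header with no entries (KillAll::) maps to []."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def duplicate_entries(sections):
    """Entries (case-insensitive) listed more than once in a section: harmless
    to ComboFix, but a hint that a hand-assembled script deserves a re-read."""
    dupes = {}
    for name, entries in sections.items():
        seen, repeated = set(), []
        for entry in entries:
            key = entry.lower()
            if key in seen and key not in repeated:
                repeated.append(key)
            seen.add(key)
        if repeated:
            dupes[name] = repeated
    return dupes

def verify_cleanup(sections, log_text):
    """Match File::/Folder:: paths and Driver:: names against the lines the log
    reports as deleted. Returns (confirmed, unconfirmed), both sorted; an
    unconfirmed path usually means it was already gone, so it merits a manual
    look rather than alarm."""
    log_lines = {l.strip().lower() for l in log_text.splitlines() if l.strip()}
    confirmed, unconfirmed = set(), set()
    for path in sections.get("File", []) + sections.get("Folder", []):
        (confirmed if path.lower() in log_lines else unconfirmed).add(path.lower())
    for drv in sections.get("Driver", []):
        # ComboFix records a removed service as "-------\Service_<name>".
        marker = ("-------\\Service_" + drv).lower()
        (confirmed if marker in log_lines else unconfirmed).add("driver:" + drv)
    return sorted(confirmed), sorted(unconfirmed)

if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    print("duplicates:", duplicate_entries(parsed))
    print("unconfirmed:", verify_cleanup(parsed, COMBOFIX_LOG)[1])
```

On this thread's data the two Online Armor executables come back unconfirmed, matching the log, which lists them under "FILE ::" but not under "Other Deletions".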

#13
TheToker

    Member

  • Topic Starter
  • Member
  • 19 posts
High again SweetTech..
Here are the requested logs.

----------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4408

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

09/08/2010 03:06:35
mbam-log-2010-08-09 (03-06-35).txt

Scan type: Quick scan
Objects scanned: 142565
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------
ComboFix 10-08-08.01 - pato 09/08/2010 1:58.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.991.698 [GMT 1:00]
Running from: c:\documents and settings\pato\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pato\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\program files\Tall Emu\Online Armor\OAcat.exe"
"c:\program files\Tall Emu\Online Armor\oasrv.exe"
"c:\windows\system32\drivers\OADriver.sys"
"c:\windows\system32\drivers\OAmon.sys"
"c:\windows\system32\drivers\OAnet.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\OnlineArmor
c:\documents and settings\All Users\Application Data\OnlineArmor\dmphistm.dat
c:\documents and settings\All Users\Application Data\OnlineArmor\dmphistm.dat.bak
c:\documents and settings\All Users\Application Data\OnlineArmor\license.dat
c:\documents and settings\All Users\Application Data\OnlineArmor\license.dat.bak
c:\documents and settings\pato\Application Data\OnlineArmor
c:\documents and settings\pato\Application Data\OnlineArmor\client.dat
c:\documents and settings\pato\Application Data\OnlineArmor\client.dat.bak
c:\windows\system32\drivers\OADriver.sys
c:\windows\system32\drivers\OAmon.sys
c:\windows\system32\drivers\OAnet.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OACAT
-------\Legacy_OADEVICE
-------\Legacy_OAMON
-------\Legacy_OANET
-------\Legacy_SVCONLINEARMOR
-------\Service_OAcat
-------\Service_OADevice
-------\Service_OAmon
-------\Service_OAnet
-------\Service_SvcOnlineArmor


((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-07 21:24 . 2010-08-07 21:24 -------- d-----w- c:\program files\ERUNT
2010-08-07 17:18 . 2010-08-07 17:19 -------- d-----w- c:\program files\X-Setup Pro
2010-08-07 16:48 . 2004-08-03 23:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-07 16:48 . 2001-08-17 21:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-07 16:48 . 2001-08-17 21:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-07 16:48 . 2001-08-17 21:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-07 16:48 . 2001-08-17 21:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-07 16:48 . 2001-08-17 21:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-07 16:48 . 2001-08-17 11:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-07 16:48 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-07 16:48 . 2004-08-03 22:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-07 16:48 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-07 16:48 . 2004-08-03 23:56 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-07 16:46 . 2004-08-03 21:29 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
2010-08-07 16:45 . 2004-08-03 23:56 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-08-07 16:44 . 2001-08-17 21:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-07 16:44 . 2001-08-17 21:36 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-07 16:44 . 2001-08-17 21:36 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-07 16:44 . 2001-08-17 21:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-07 16:44 . 2001-08-17 12:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-07 16:44 . 2001-08-17 21:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-07 16:44 . 2001-08-17 21:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-07 16:44 . 2001-08-17 21:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-07 16:44 . 2001-08-17 21:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-07 16:44 . 2004-08-03 22:07 44672 ----a-w- c:\windows\system32\dllcache\uagp35.sys
2010-08-07 16:44 . 2001-08-17 12:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-07 16:44 . 2004-08-04 13:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-08-07 16:44 . 2001-08-17 11:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-07 16:42 . 2001-08-17 11:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-07 16:41 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-08-07 16:41 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-08-07 16:41 . 2001-08-17 21:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-08-07 16:41 . 2001-08-17 21:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-08-07 16:41 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-08-07 16:41 . 2001-08-17 21:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-08-07 16:41 . 2001-08-17 21:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-08-07 16:41 . 2001-08-17 11:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-08-07 16:41 . 2001-08-17 12:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-08-07 16:41 . 2001-08-17 11:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-08-07 16:41 . 2004-08-04 13:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-08-07 16:41 . 2001-08-17 21:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-08-07 16:41 . 2001-08-17 21:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-07 16:39 . 2004-08-03 22:07 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys
2010-08-07 16:38 . 2001-08-17 11:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-08-07 16:37 . 2001-08-17 12:53 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2010-08-07 16:36 . 2001-08-17 21:36 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
2010-08-07 16:35 . 2004-08-03 21:59 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2010-08-07 16:34 . 2001-08-17 12:28 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-08-07 16:33 . 2001-08-17 13:04 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys
2010-08-07 16:32 . 2001-08-17 21:36 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-08-07 16:31 . 2001-08-17 21:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2010-08-07 16:30 . 2001-08-17 13:56 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2010-08-07 16:29 . 2004-08-03 21:58 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-07 16:29 . 2004-08-03 22:10 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-08-07 16:29 . 2001-08-17 12:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-08-07 16:29 . 2001-08-17 13:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-08-07 16:29 . 2004-08-04 13:00 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2010-08-07 16:29 . 2004-08-03 22:00 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-08-07 16:29 . 2001-08-17 13:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-07 16:29 . 2001-08-17 12:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-08-07 16:29 . 2004-08-03 22:10 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-08-07 16:29 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-08-07 16:29 . 2001-08-17 12:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-08-07 16:27 . 2004-08-03 21:41 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2010-08-07 16:26 . 2004-08-04 13:00 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2010-08-07 16:25 . 2001-08-17 13:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
2010-08-07 16:24 . 2004-08-03 21:41 1041536 ----a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-08-07 16:23 . 2001-08-17 21:36 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2010-08-07 16:22 . 2001-08-17 12:51 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
2010-08-07 16:21 . 2001-08-17 11:13 27165 ----a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-08-07 16:20 . 2001-08-17 11:19 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-08-07 16:19 . 2001-08-17 11:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2010-08-07 16:18 . 2001-08-17 21:36 102484 ----a-w- c:\windows\system32\dllcache\digiinf.dll
2010-08-07 16:17 . 2001-08-17 11:19 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
2010-08-07 16:16 . 2001-08-17 21:36 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2010-08-07 16:15 . 2004-08-03 23:56 17279 ----a-w- c:\windows\system32\dllcache\atv10nt5.dll
2010-08-07 16:14 . 2004-08-03 23:56 3711 ----a-w- c:\windows\system32\dllcache\adv09nt5.dll
2010-08-07 16:13 . 2003-03-24 15:52 208896 ----a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2010-08-06 22:22 . 2010-08-06 22:22 -------- d-----w- c:\program files\Common Files\Java
2010-08-03 22:05 . 2010-08-03 22:07 -------- d-----w- c:\documents and settings\pato\Local Settings\Application Data\AskToolbar
2010-08-03 02:06 . 2010-08-03 02:06 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-30 00:05 . 2010-05-20 17:10 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-07-30 00:05 . 2010-05-20 17:10 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-07-27 03:11 . 2010-07-27 03:11 -------- d-----w- c:\program files\Ask.com
2010-07-23 18:30 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-22 18:46 . 2008-02-27 12:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-07-22 18:46 . 2010-07-22 18:46 -------- d-----w- c:\program files\Belarc
2010-07-21 12:37 . 2003-10-29 12:34 14976 ----a-w- c:\windows\system32\drivers\winddx.sys
2010-07-21 12:37 . 2003-10-29 11:54 512000 ----a-w- c:\windows\system32\SLLights.dll
2010-07-21 12:37 . 2003-10-29 11:47 65536 ----a-w- c:\windows\SmCfg.exe
2010-07-21 12:37 . 2003-10-29 11:19 380928 ----a-w- c:\windows\system32\slmh.exe
2010-07-21 12:37 . 2003-10-29 10:52 188416 ----a-w- c:\windows\system32\amr_cpl.dll
2010-07-21 12:37 . 2003-10-29 10:51 167936 ----a-w- c:\windows\system32\minirec.exe
2010-07-21 11:57 . 2010-08-07 02:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:29 . 2004-07-01 11:03 159744 ----a-w- c:\windows\system32\igfxres.dll
2010-07-17 07:46 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-17 07:44 . 2010-07-17 07:44 -------- d-----w- c:\program files\Panda Security
2010-07-17 00:32 . 2010-07-17 00:32 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 21:00 . 2008-06-21 17:56 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-08 13:59 . 2008-06-20 23:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-07 17:18 . 2010-06-08 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\X-Setup Pro
2010-08-07 00:17 . 2006-09-11 23:09 821280 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-08-07 00:17 . 2006-09-11 23:09 108344 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-08-07 00:17 . 2006-09-11 23:09 481508 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-08-07 00:17 . 2006-09-11 23:09 30171936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-08-06 22:22 . 2010-08-06 22:22 503808 ----a-w- c:\documents and settings\pato\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70406de1-n\msvcp71.dll
2010-08-06 22:22 . 2010-08-06 22:22 12800 ----a-w- c:\documents and settings\pato\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1db2743d-n\decora-d3d.dll
2010-08-06 22:22 . 2010-08-06 22:22 499712 ----a-w- c:\documents and settings\pato\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70406de1-n\jmc.dll
2010-08-06 22:22 . 2010-08-06 22:22 61440 ----a-w- c:\documents and settings\pato\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1db2743d-n\decora-sse.dll
2010-08-06 22:22 . 2010-08-06 22:22 348160 ----a-w- c:\documents and settings\pato\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70406de1-n\msvcr71.dll
2010-08-06 22:21 . 2009-01-02 22:43 -------- d-----w- c:\program files\Java
2010-08-06 22:19 . 2009-02-17 23:01 -------- d-----w- c:\documents and settings\pato\Application Data\Orbit
2010-08-06 03:13 . 2010-04-03 00:40 -------- d-----w- c:\documents and settings\pato\Application Data\QuickScan
2010-08-03 22:45 . 2010-05-15 17:27 63488 ----a-w- c:\documents and settings\pato\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-03 22:45 . 2010-04-02 18:09 117760 ----a-w- c:\documents and settings\pato\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-03 22:28 . 2009-01-02 23:07 -------- d-----w- c:\program files\Sophos
2010-08-03 02:08 . 2010-06-27 14:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-08-03 02:08 . 2010-06-27 14:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-08-03 02:08 . 2010-06-27 14:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-08-03 02:08 . 2010-06-27 14:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-08-03 02:08 . 2010-06-27 14:00 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-08-03 02:08 . 2010-06-27 14:00 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-08-03 02:08 . 2010-06-27 14:00 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-08-03 02:08 . 2010-06-27 14:00 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-08-03 02:08 . 2010-05-02 21:24 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-08-03 02:08 . 2006-05-16 23:01 -------- d-----w- c:\program files\Common Files\Real
2010-08-03 02:07 . 2010-05-02 21:23 -------- d-----w- c:\program files\real
2010-08-01 18:38 . 2010-04-03 13:51 -------- d-----w- c:\documents and settings\pato\Application Data\uTorrent
2010-07-31 16:43 . 2010-04-03 13:51 -------- d-----w- c:\program files\uTorrent
2010-07-29 04:40 . 2007-11-04 22:15 -------- d-----w- c:\program files\CCleaner
2010-07-27 03:11 . 2010-05-29 12:42 -------- d-----w- c:\documents and settings\pato\Application Data\Foxit Software
2010-07-27 03:10 . 2010-04-08 22:10 -------- d-----w- c:\program files\Foxit Software
2010-07-26 21:30 . 2010-08-04 23:31 705208 ----a-w- c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-07-26 21:30 . 2010-08-04 23:31 978664 ----a-w- c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-07-24 03:23 . 2009-01-01 23:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-24 03:21 . 2007-11-04 18:47 -------- d-----w- c:\program files\SpywareBlaster
2010-07-23 16:22 . 2010-08-01 11:58 1496064 ----a-w- c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-23 16:22 . 2010-08-01 11:58 43008 ----a-w- c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-23 16:22 . 2010-08-01 11:58 338944 ----a-w- c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-23 16:22 . 2010-08-01 11:58 346112 ----a-w- c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-21 12:26 . 2008-08-08 12:33 -------- d-----w- c:\program files\Common Files\Apple
2010-07-18 13:00 . 2006-09-09 12:17 -------- d-----w- c:\program files\SopCast
2010-07-18 01:37 . 2010-05-08 14:12 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-17 04:00 . 2010-04-28 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 23:07 . 2006-05-17 10:08 -------- d-----w- c:\program files\DivX
2010-07-13 03:41 . 2010-05-19 02:14 -------- d-----w- c:\program files\Winamp
2010-07-13 03:41 . 2010-04-05 00:41 -------- d-----w- c:\documents and settings\pato\Application Data\Winamp
2010-07-13 03:41 . 2010-04-05 00:41 -------- d-----w- c:\program files\Winamp Detect
2010-07-01 23:29 . 2010-07-01 23:29 -------- d-----w- c:\program files\Realtek AC97
2010-07-01 23:03 . 2010-07-01 23:03 -------- d-----w- c:\program files\Driver-Soft
2010-07-01 19:06 . 2010-06-12 17:20 -------- d-----w- c:\program files\Winrar 3.71
2010-06-28 04:28 . 2010-06-27 22:53 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-27 23:03 . 2008-12-29 23:43 -------- d-----w- c:\documents and settings\pato\Application Data\vlc
2010-06-27 22:53 . 2010-06-08 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-27 14:05 . 2010-04-19 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2010-06-27 14:05 . 2006-05-16 23:36 -------- d-----w- c:\program files\DFX
2010-06-27 14:05 . 2006-05-16 23:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-27 13:56 . 2010-06-27 13:56 734728 ----a-w- c:\documents and settings\pato\Application Data\Real\RealPlayer\setup\AU_setup14.exe
2010-06-24 22:09 . 2010-04-17 22:37 -------- d-----w- c:\program files\WhatsRunning
2010-06-22 07:55 . 2010-05-25 18:59 -------- d-----w- c:\program files\CheckPoint
2010-06-20 17:40 . 2009-03-23 18:58 -------- d-----w- c:\program files\LG PC Suite 2
2010-06-20 17:34 . 2010-06-20 17:34 -------- d-----w- c:\documents and settings\pato\Application Data\InstallShield
2010-06-16 21:33 . 2010-06-16 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-06-13 15:11 . 2010-06-02 04:46 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-13 15:11 . 2010-06-02 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-13 15:11 . 2010-06-13 15:11 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-13 15:11 . 2010-06-13 15:11 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-13 15:10 . 2010-06-13 15:10 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-13 15:10 . 2010-06-13 15:10 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-13 15:10 . 2010-06-13 15:10 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-13 15:10 . 2010-06-13 15:10 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-13 15:10 . 2010-06-13 15:10 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-13 15:10 . 2010-06-13 15:10 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-13 15:00 . 2010-06-02 01:03 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-13 15:00 . 2010-06-02 01:07 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-13 14:59 . 2010-06-02 01:07 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-12 19:10 . 2009-03-22 09:21 -------- d-----w- c:\documents and settings\pato\Application Data\DivX
2010-06-12 17:33 . 2010-06-12 17:33 -------- d-----w- c:\program files\Soft Gold
2010-06-12 16:46 . 2008-08-16 15:32 -------- d-----w- c:\program files\Sony Ericsson
2010-06-12 16:09 . 2010-06-12 16:09 -------- d-----w- c:\program files\Bonjour
2010-06-02 01:06 . 2010-06-02 01:06 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-02 01:06 . 2010-06-02 01:06 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-02 01:06 . 2010-06-02 01:06 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-02 01:06 . 2010-06-02 01:06 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-02 01:06 . 2010-06-02 01:06 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-02 01:06 . 2010-06-02 01:06 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-02 01:05 . 2010-06-02 01:05 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-02 01:05 . 2010-06-02 01:05 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-02 01:05 . 2010-06-02 01:05 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-02 01:04 . 2010-06-02 01:04 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-26 22:36 . 2006-05-22 14:13 59552 ----a-w- c:\documents and settings\pato\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-20 17:10 . 2010-05-25 18:59 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 68856]
"Wakoopa"="c:\program files\Wakoopa\Wakoopa.exe" [2009-03-25 573440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 503808]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-02 18:06 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17/07/2010 08:46 28552]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [21/06/2005 16:33 11264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 12:06 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 12:05 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16/05/2010 23:00 135336]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [10/05/2010 01:51 20968]
R2 MTC0005_MTCDIO;Wireless HotKey Driver;c:\windows\system32\drivers\MTCDIO.sys [01/01/1980 11316]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2010 17:59 135664]
S2 MTCDIO;MTCDIO;c:\windows\system32\drivers\MTCDIO.sys [01/01/1980 11316]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\87.tmp --> c:\windows\system32\87.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 12:06 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
mysee2 REG_MULTI_SZ Mysee2_Runtime
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-08-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-05 22:55]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 16:59]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 16:59]

2010-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3803457823-4046035089-815174764-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-05-22 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 13:00]

2010-08-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ie/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\pato\Application Data\Mozilla\Firefox\Profiles\cjtwlznm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining.maxrequests - 4
FF - user.js: ui.submenuDelay - 55
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 02:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asp.net]
"ImagePath"="c:\program files\Common Files\Microsoft Shared\MSINFO\asp.net"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\87.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3803457823-4046035089-815174764-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62FF04BF-1313-8A89-0005-E696211810F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"habnnemeigonabba"=hex:6b,61,62,63,6a,65,64,6f,63,61,6b,6d,62,65,6e,64,6e,62,
69,62,67,65,00,00
"jadomkcpfbpifpjldgcf"=hex:6b,61,62,63,6a,65,64,6f,63,61,6b,6d,62,65,6e,64,6e,
62,69,62,67,65,00,00
"fadlbikbefke"=hex:69,61,66,61,61,67,6f,6d,6c,67,6b,70,70,66,70,69,6f,6d,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(472)
c:\program files\superantispyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\program files\Sophos\Windows Shortcut Exploit Protection Tool\SophosLinkIconHandler32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-09 02:21:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 01:20
ComboFix2.txt 2010-08-08 20:55

Pre-Run: 13,667,885,056 bytes free
Post-Run: 13,636,837,376 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - CF40304BB74D896151D55BB4AB1C1E54

#14
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Your logs are looking good. Let's do a few more scans to ensure that we've gotten everything.

How are things running?

Kaspersky Online Scanner
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#15
TheToker (Topic Starter, Member, 19 posts)
High, and sorry about the delay..
We have a small problem. Logs below.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 09, 2010 19:33:07
Records in database: 4130570
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 64795
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:03:11


File name / Threat / Threats count
C:\Program Files\Veetle\Player\vtl_hfax.exe Infected: Backdoor.Win32.Shiz.gen 1

Selected area has been scanned.

---------------------------------
checkup.txt


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
ZoneAlarm
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Utilities 2009
CCleaner
Java™ 6 Update 21
Adobe Flash Player 10.1.53.64
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Zone Labs ZoneAlarm zlclient.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

--------------------------------------

Thank you for your ongoing help..