Computer Heavily Infected



#1
mossypad

Hi, my parents' computer seems to have a few issues regarding security and viruses. Webpages are automatically popping up, you can't visit some sites and are automatically redirected to third-party sites. Also appears that it bogs down with processes and won't run any spyware or virus programs. Also seems to disconnect wireless internet connection after time. Here is the OTL scan file!

OTL logfile created on: 12/27/2010 4:45:52 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 436.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.70 Gb Total Space | 119.86 Gb Free Space | 82.27% Space Free | Partition Type: NTFS
Drive J: | 1.80 Gb Total Space | 0.55 Gb Free Space | 30.70% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/27 16:45:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/12/27 16:42:45 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HZTZ6TQW\Ad-Aware90Install[1].exe
PRC - [2010/12/03 01:06:07 | 002,985,360 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Owner\Local Settings\Temp\miaA.tmp\Ad-Aware90Install.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2009/10/17 14:02:38 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/27 16:45:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/25 09:01:42 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/09/05 21:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2005/07/12 13:33:02 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)


========== Driver Services (SafeList) ==========

DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/04 05:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/06 21:40:50 | 000,377,920 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2006/08/24 12:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.castanet.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/24 09:31:30 | 000,000,000 | ---D | M]

[2010/01/21 21:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/21 21:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2009/01/09 11:38:50 | 000,290,772 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10015 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [bipro] C:\WINDOWS\$NtUninstallMTF197$\sfclp.DLL ()
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [mssend] C:\Documents and Settings\Owner\Application Data\xssend2\svcnost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PowerBar] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231483615265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 199.185.220.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2\csrss.exe") - C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2\csrss.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 17:58:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2099/01/01 12:00:00 | 000,000,077 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/27 16:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/12/27 16:48:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/27 16:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/27 16:46:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/27 16:45:00 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/12/27 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/27 13:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sky-Banners
[2010/12/27 12:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2010/12/27 12:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\xssend2
[2010/12/27 12:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2
[2010/12/27 11:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2010/12/27 10:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/12/20 18:01:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\HideFyles
[2010/12/20 18:01:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\HidesFileLogs
[2010/12/20 18:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/12/19 17:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/12/19 17:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/19 17:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/15 10:50:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/11 13:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/12/11 13:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/12/11 09:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/11 09:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/27 16:47:57 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/27 16:47:57 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/12/27 16:45:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/12/27 16:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/27 16:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/12/27 16:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/12/27 16:07:59 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/12/27 15:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/12/27 15:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/27 14:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/12/27 14:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/12/27 13:28:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/27 13:14:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/27 13:14:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/27 12:58:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/27 12:34:58 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 12:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/12/27 12:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/12/27 11:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/12/27 11:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/12/27 10:47:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OpPrintServer.INI
[2010/12/27 10:46:01 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/12/27 10:32:13 | 000,218,106 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ISO2_DVD.nri
[2010/12/27 10:10:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/27 10:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/12/27 10:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/12/27 10:06:50 | 102,759,969 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/27 09:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/12/27 09:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/12/27 08:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/12/27 08:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/12/27 07:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/12/27 07:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/12/27 06:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/12/27 06:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/12/27 05:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/12/27 05:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/12/27 04:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/12/27 04:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/12/27 03:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/12/27 03:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/12/27 02:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/12/27 02:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/12/27 01:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/12/27 01:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/12/27 00:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/12/27 00:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/12/26 23:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/12/26 23:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/12/26 22:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/12/26 22:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/12/26 21:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/12/26 21:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/12/26 20:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/12/26 20:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/12/26 19:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/12/26 19:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/12/26 18:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/12/26 18:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/12/26 17:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/12/26 17:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/26 13:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/12/26 13:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/12/21 17:35:02 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/21 17:35:02 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/11 10:34:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/03 11:46:27 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CIBC.url
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/27 16:47:57 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/27 16:47:57 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/12/27 16:07:42 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/12/27 10:47:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010/12/27 10:46:01 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/12/27 10:32:13 | 000,218,106 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ISO2_DVD.nri
[2010/12/22 20:20:37 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/12/22 20:20:37 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/12/22 20:20:37 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/12/22 20:20:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/12/21 21:48:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/12/21 21:48:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/12/11 10:20:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/06 13:52:20 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2010/11/06 13:52:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/10 21:00:15 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/01 19:19:13 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2009/07/01 19:18:11 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2009/07/01 19:18:10 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2009/07/01 19:18:10 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2009/07/01 19:18:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2009/07/01 19:18:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2009/07/01 19:18:09 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2009/07/01 19:18:08 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2009/07/01 19:18:08 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2009/07/01 19:18:07 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2009/07/01 19:18:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2009/07/01 19:18:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2009/07/01 19:17:59 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2009/07/01 19:17:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2009/07/01 19:17:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2009/07/01 19:17:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2009/07/01 19:17:57 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2009/07/01 19:17:57 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2009/07/01 19:17:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2009/01/12 19:57:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/12 07:03:49 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/01/08 19:37:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/08 09:51:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/26 14:42:52 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/12/21 21:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/12/22 20:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/07/01 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/01 20:13:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/01 20:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/01/09 11:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/27 16:48:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/11/01 20:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/12/27 12:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2
[2010/12/27 12:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2009/01/12 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/12/27 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sky-Banners
[2010/12/27 11:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2009/09/10 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2010/12/27 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\xssend2
[2010/12/27 00:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/12/27 09:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/12/27 10:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/12/27 11:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/12/27 12:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/12/26 13:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/12/27 14:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/12/27 15:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/12/27 16:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/12/26 17:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/12/26 18:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/12/27 01:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/12/26 19:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/12/26 20:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/12/26 21:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/12/26 22:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/12/26 23:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/12/27 00:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/12/27 01:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/12/27 02:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/12/27 03:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/12/27 04:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/12/27 02:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/12/27 05:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/12/27 06:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/12/27 07:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/12/27 08:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/12/27 09:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/12/27 10:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/12/27 11:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/12/27 12:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/12/26 13:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/12/27 14:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/12/27 03:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/12/27 15:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/12/27 16:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/12/26 17:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/12/26 18:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/12/26 19:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/12/26 20:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/12/26 21:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/12/26 22:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/12/26 23:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/12/27 04:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/12/27 05:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/12/27 06:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/12/27 07:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/12/27 08:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



< End of report >



Thank you very much!!!
  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box below by highlighting and then Ctrl + c :


:OTL
O4 - HKLM..\Run: [bipro] C:\WINDOWS\$NtUninstallMTF197$\sfclp.DLL ()
O4 - HKLM..\Run: [MemoryCardManager] File not found
O4 - HKCU..\Run: [mssend] C:\Documents and Settings\Owner\Application Data\xssend2\svcnost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PowerBar] File not found
O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2\csrss.exe") - C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2\csrss.exe (Microsoft Corporation)
O32 - AutoRun File - [2099/01/01 12:00:00 | 000,000,077 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
[2010/12/27 12:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\xssend2
[2010/12/27 12:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2
[2010/12/27 11:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2010/12/20 18:01:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\HideFyles
[2010/12/20 18:01:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\HidesFileLogs
[2010/12/27 00:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/12/27 09:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/12/27 10:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/12/27 11:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/12/27 12:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/12/26 13:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/12/27 14:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/12/27 15:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/12/27 16:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/12/26 17:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/12/26 18:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/12/27 01:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/12/26 19:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/12/26 20:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/12/26 21:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/12/26 22:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/12/26 23:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/12/27 00:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/12/27 01:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/12/27 02:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/12/27 03:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/12/27 04:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/12/27 02:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/12/27 05:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/12/27 06:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/12/27 07:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/12/27 08:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/12/27 09:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/12/27 10:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/12/27 11:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/12/27 12:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/12/26 13:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/12/27 14:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/12/27 03:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/12/27 15:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/12/27 16:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/12/26 17:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/12/26 18:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/12/26 19:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/12/26 20:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/12/26 21:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/12/26 22:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/12/26 23:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/12/27 04:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/12/27 05:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/12/27 06:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/12/27 07:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/12/27 08:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

:FILES
C:\Documents and Settings\Owner\Application Data\xssend2
C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2
C:\Documents and Settings\Owner\Application Data\Street-Ads
C:\WINDOWS\System32\HideFyles
C:\WINDOWS\System32\HidesFileLogs
C:\WINDOWS\Tasks\At*.job

:Commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]
 


Run OTL then paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX.

Copy and paste the log it creates into a Reply.


Turn off or Pause your Antivirus.

Download Combofix from any of the links below but rename it to george.exe before saving it to your desktop.

http://subs.geekstogo.com/ComboFix.exe
http://download.blee...Bs/ComboFix.exe
http://www.infospywa...alware/combofix


==================================


Double click on george.exe & follow the prompts. Allow it to install the Recovery Console. It may need to reboot.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

You can turn on your anti-virus now.

Please download Malwarebytes' Anti-Malware from http://www.malwareby...am-download.php

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run OTL.
In the Extra Registry group, Select the Use SafeList option. In the File Scans areas set the File Age to 90 Days.
Press the Run Scan button.

You will receive two logs. Please post (copy and paste do not attach) them both.

Ron
  • 0
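A triage sketch over the kind of OTL lines the fix above targets, added here as an example; it is not part of RKinner's post and not OTL's own logic. The three heuristics (an autorun launched from a user's Application Data folder, a file name that resembles a Windows system process outside System32, a burst of At*.job tasks), the name list and the thresholds are assumptions of this example; the sample lines are copied from the log and fix script in this thread.

```python
import re
from difflib import get_close_matches
from ntpath import basename, dirname  # Windows path rules on any OS

SYSTEM32 = r"c:\windows\system32"
# Assumed short list of process names that malware commonly imitates.
SYSTEM_NAMES = ["csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "smss.exe"]

# OTL file/folder listing line: [date time | size | attrs | C or M] () -- path
FILE_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| \S{4} \| [CM]\] (?:\(.*?\) )?-- (.+)$")
# O4 (Run keys) and O20 (Winlogon) lines: capture the first .exe/.dll path
AUTORUN_RE = re.compile(r'^(O4|O20) - .*?([A-Za-z]:\\[^"()]+?\.(?:exe|dll))', re.I)
AT_JOB_RE = re.compile(r"\\Tasks\\At\d+\.job$", re.I)

SAMPLE = r"""
O4 - HKLM..\Run: [MemoryCardManager] File not found
O4 - HKCU..\Run: [mssend] C:\Documents and Settings\Owner\Application Data\xssend2\svcnost.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2\csrss.exe") - C:\Documents and Settings\Owner\Application Data\fbuqeqw2gllq2jylwxmyml2btl2hrba2\csrss.exe (Microsoft Corporation)
[2010/12/27 12:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2010/12/27 00:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/12/27 09:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/12/27 10:08:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
"""

def triage(log_text, at_job_threshold=3):
    """Return (finding_kind, detail) tuples for entries worth a manual look."""
    findings, at_jobs = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTORUN_RE.match(line)
        if m:
            path = m.group(2)
            name, folder = basename(path).lower(), dirname(path).lower()
            if "\\application data\\" in path.lower():
                findings.append(("autorun-from-profile", path))
            # Exact or near-exact system process name living outside System32
            if folder != SYSTEM32 and get_close_matches(name, SYSTEM_NAMES, n=1, cutoff=0.85):
                findings.append(("system-name-lookalike", path))
            continue
        m = FILE_RE.match(line)
        if m and AT_JOB_RE.search(m.group(1)):
            at_jobs += 1
    if at_jobs >= at_job_threshold:
        findings.append(("bulk-at-jobs", f"{at_jobs} At*.job files in C:\\WINDOWS\\Tasks"))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:24} {detail}")
```

A flag from this script is a prompt for review, not a verdict: the GARMIN folder in the same Application Data directory is not flagged because nothing autostarts from it.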





