Overkill and Being Killed By Rootkits


This topic is locked

#1 photopony
Member, 19 posts

Computer had a bad malware and had tons of popups, then shut down Windows Vista Security Center. It popped up as a virus scan software over and over and kept opening browsers. At the recommendation of a friend I downloaded Malwarebytes and it removed the trojan that wouldn't die. However my Vista Security Center would never turn back on; the firewall was fine. I then started getting alerts popping up all over from Malwarebytes, and it informed me I had a rootkit.

I then made a mistake I am sure is common. I am so fastidious with my Avast updates and temp file dumping that I haven't had a single virus in YEARS. I panicked, I admit it. I now have a variety of programs all detecting, deleting, and then redetecting the same things.

1. Avast Antivirus - Avast was briefly disabled but I brought it back online. Finds 2 trojans and does a boot scan and deletes them there too, then reboots and it's the same viruses. The Avast boot scan says I have the Alureon_G@mer
2. Lavasoft Adaware - Picks up about 112 tracking cookies every time I run it.
3. Avira Antivirus - Has not been working in days.
4. SUPER AntiSpyware - Finds around a hundred tracking cookies.
5. Malwarebytes - immediately detects a rootkit when Windows boots.
6. I also use CCleaner Registry Cleaner pretty regularly.

Windows also blocks some startup programs. Also says "HOST PROCESS FOR WINDOWS SERVICES STOPPED WORKING AND WAS CLOSED".



OTL Scan

OTL logfile created on: 6/2/2011 11:36:09 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.58% Memory free
4.24 Gb Paging File | 3.00 Gb Available in Paging File | 70.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 263.28 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS

Computer Name: HEGEMON-PC | User Name: Hegemon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 23:35:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Hegemon\Downloads\OTL.exe
PRC - [2011/05/23 08:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/27 03:32:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/10/12 09:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 23:35:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Hegemon\Downloads\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
SRV - [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/27 03:32:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/06 18:16:54 | 000,712,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/02/06 18:16:54 | 000,712,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2007/10/12 09:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 10:32:28 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 23:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/02 21:38:05 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/04/02 21:38:04 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56747

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.85.20100407
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56747
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15}: C:\Users\Hegemon\AppData\Local\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} [2011/05/14 12:23:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 19:34:49 | 000,000,000 | ---D | M]

[2008/09/14 20:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions
[2011/05/23 22:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions
[2010/07/04 20:11:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/23 22:54:56 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/05/10 22:13:21 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]
[2010/05/31 09:39:04 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]
[2011/05/02 22:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 15:56:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/01 09:51:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/24 10:34:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/17 10:06:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/14 12:23:27 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15}
[2011/05/10 05:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/16 09:32:14 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
[2011/05/10 05:20:51 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Symantec PIF AlertEng] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 01yu063 = C:\Windows\TEMP\4r0e.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: wnqdy3 = C:\Users\Hegemon\AppData\Local\Temp\fuj8t.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: oovoo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://www.shockwave...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://www.shockwave...eb.1.0.0.12.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdn.smugmug.c....1.0-082608.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave...esPlayer_v5.cab (GoBit Games Player)
O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} http://www.shockwave...eb.1.0.0.17.cab (CPlayFirstPetShopHopControl Object)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://archives.game...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.shockwave...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} http://cnn-5.vo.llnw...er/gtplugin.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcopho...eX_Control.cab? (Photo Upload Plugin Class)
O16 - DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} http://www.shockwave...Web.1.0.0.6.cab (CPlayFirstChocolatieControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/23 11:46:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8fecc3ff-083d-11e0-b172-001a70af9407}\Shell - "" = AutoRun
O33 - MountPoints2\{8fecc3ff-083d-11e0-b172-001a70af9407}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 19:35:39 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2011/05/31 11:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/05/31 11:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/05/28 08:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/05/28 06:46:51 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/28 06:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/28 06:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/28 06:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/05/26 18:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/05/26 18:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/19 22:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\Desktop\NEWORLEANS
[2011/05/19 09:24:31 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\Desktop\New Folder
[2011/05/17 11:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/05/17 10:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/17 10:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/17 10:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/16 07:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links
[2011/05/16 07:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\killproc.exe
[2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\contf64.dll
[2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\contfilt.dll
[2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwnsp64.dll
[2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwnsp.dll
[2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwtsp64.dll
[2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwtsp.dll
[2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tspx.exe
[2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tsp.exe
[2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI) -- C:\Windows\System32\ZIPDLL.DLL
[2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI) -- C:\Windows\System32\UNZDLL.DLL
[2011/05/16 07:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2011/05/16 07:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\eScan
[2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc. ) -- C:\Users\Hegemon\Desktop\iwn2k3ek.exe
[2011/05/16 07:19:37 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\AppData\Roaming\Malwarebytes
[2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/16 07:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 07:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/16 07:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd) -- C:\Users\Hegemon\Desktop\CCleaner.exe
[2011/05/15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\Desktop\Lang
[2011/05/14 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\AppData\Roaming\Avira
[2011/05/14 12:23:26 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\AppData\Local\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15}
[2011/05/07 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\Desktop\HORSECAMP

========== Files - Modified Within 30 Days ==========

[2011/06/02 23:31:24 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/02 23:31:24 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/02 23:27:53 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/02 23:06:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 23:06:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 23:05:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/02 21:20:19 | 2144,686,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 11:32:06 | 000,870,128 | ---- | M] () -- C:\Users\Hegemon\AppData\Roaming\mcs.rma
[2011/06/02 11:32:06 | 000,000,004 | ---- | M] () -- C:\Users\Hegemon\AppData\Roaming\F20116
[2011/06/02 02:11:05 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/06/02 02:11:05 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/05/31 21:10:01 | 003,295,350 | ---- | M] () -- C:\Users\Hegemon\Desktop\vs.jpg
[2011/05/31 20:57:50 | 000,783,393 | ---- | M] () -- C:\Users\Hegemon\Desktop\thug.jpg
[2011/05/31 20:50:13 | 001,295,450 | ---- | M] () -- C:\Users\Hegemon\Desktop\SPIKE.jpg
[2011/05/29 10:12:43 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 06:46:16 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/28 05:01:13 | 000,000,940 | ---- | M] () -- C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/26 18:57:26 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/05/26 18:55:15 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/22 17:57:27 | 000,047,104 | ---- | M] () -- C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 12:05:39 | 000,009,688 | -HS- | M] () -- C:\Users\Hegemon\AppData\Local\aq7ihxrnx8m737xh6m6f4
[2011/05/22 12:05:39 | 000,009,688 | -HS- | M] () -- C:\ProgramData\aq7ihxrnx8m737xh6m6f4
[2011/05/17 10:07:26 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/17 10:07:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/17 09:57:32 | 000,000,680 | ---- | M] () -- C:\Users\Hegemon\AppData\Local\d3d9caps.dat
[2011/05/17 00:54:33 | 000,012,444 | -HS- | M] () -- C:\Users\Hegemon\AppData\Local\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
[2011/05/17 00:54:33 | 000,012,444 | -HS- | M] () -- C:\ProgramData\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
[2011/05/16 22:15:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 07:50:00 | 000,002,141 | ---- | M] () -- C:\Windows\Win.Bak.Ini
[2011/05/16 07:46:49 | 000,194,492 | ---- | M] () -- C:\Windows\winsbak2.reg
[2011/05/16 07:46:49 | 000,023,946 | ---- | M] () -- C:\Windows\winsbak.reg
[2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc. ) -- C:\Users\Hegemon\Desktop\iwn2k3ek.exe
[2011/05/15 23:27:34 | 000,011,974 | -HS- | M] () -- C:\ProgramData\2410374534
[2011/05/15 20:21:19 | 000,009,177 | ---- | M] () -- C:\Users\Hegemon\AppData\Roaming\EE64.B7F
[2011/05/15 19:29:30 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011/05/15 08:53:13 | 000,000,000 | ---- | M] () -- C:\Users\Hegemon\AppData\Roaming\chrtmp
[2011/05/15 08:53:08 | 000,000,226 | ---- | M] () -- C:\Windows\System32\delme.bat
[2011/05/14 12:23:28 | 000,000,120 | ---- | M] () -- C:\Users\Hegemon\AppData\Local\Elawof.dat
[2011/05/14 12:23:28 | 000,000,000 | ---- | M] () -- C:\Users\Hegemon\AppData\Local\Gjiboy.bin
[2011/05/11 20:26:13 | 000,377,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/06/02 20:44:07 | 2144,686,080 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/02 08:39:51 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/31 21:09:59 | 003,295,350 | ---- | C] () -- C:\Users\Hegemon\Desktop\vs.jpg
[2011/05/31 20:57:50 | 000,783,393 | ---- | C] () -- C:\Users\Hegemon\Desktop\thug.jpg
[2011/05/31 20:50:12 | 001,295,450 | ---- | C] () -- C:\Users\Hegemon\Desktop\SPIKE.jpg
[2011/05/29 10:12:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/28 06:46:16 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/26 18:55:15 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/22 07:28:41 | 000,009,688 | -HS- | C] () -- C:\Users\Hegemon\AppData\Local\aq7ihxrnx8m737xh6m6f4
[2011/05/22 07:28:41 | 000,009,688 | -HS- | C] () -- C:\ProgramData\aq7ihxrnx8m737xh6m6f4
[2011/05/17 10:07:26 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/17 09:57:32 | 000,000,680 | ---- | C] () -- C:\Users\Hegemon\AppData\Local\d3d9caps.dat
[2011/05/16 07:46:49 | 000,194,492 | ---- | C] () -- C:\Windows\winsbak2.reg
[2011/05/16 07:46:49 | 000,023,946 | ---- | C] () -- C:\Windows\winsbak.reg
[2011/05/16 07:46:04 | 000,338,176 | ---- | C] () -- C:\Windows\System32\wget.exe
[2011/05/16 07:46:04 | 000,293,896 | ---- | C] () -- C:\Windows\System32\curl.exe
[2011/05/16 07:46:04 | 000,172,040 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/05/16 07:45:56 | 000,002,141 | ---- | C] () -- C:\Windows\Win.Bak.Ini
[2011/05/16 07:19:30 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/15 23:27:04 | 000,012,444 | -HS- | C] () -- C:\Users\Hegemon\AppData\Local\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
[2011/05/15 23:27:04 | 000,011,974 | -HS- | C] () -- C:\ProgramData\2410374534
[2011/05/15 22:07:24 | 000,012,444 | -HS- | C] () -- C:\ProgramData\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
[2011/05/15 08:53:13 | 000,000,000 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\chrtmp
[2011/05/15 08:53:08 | 000,000,226 | ---- | C] () -- C:\Windows\System32\delme.bat
[2011/05/14 12:23:28 | 000,000,120 | ---- | C] () -- C:\Users\Hegemon\AppData\Local\Elawof.dat
[2011/05/14 12:23:28 | 000,000,000 | ---- | C] () -- C:\Users\Hegemon\AppData\Local\Gjiboy.bin
[2011/05/14 12:23:18 | 000,009,177 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\EE64.B7F
[2011/05/10 05:21:31 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/08 10:07:30 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/08 10:07:30 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/26 14:30:47 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/05/12 09:45:50 | 000,121,318 | ---- | C] () -- C:\Windows\HPHins15.dat
[2010/05/12 09:45:50 | 000,002,885 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2010/01/04 12:43:49 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2010/01/04 12:30:00 | 000,179,441 | ---- | C] () -- C:\Windows\hpwins14.dat
[2010/01/04 12:30:00 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2010/01/02 15:45:52 | 000,001,056 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/12/16 22:51:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 20:05:57 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/12/08 20:05:57 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/12/08 20:05:57 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/12/05 10:26:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/12/05 10:26:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/04 20:16:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/17 00:16:58 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/17 00:16:58 | 000,000,088 | RHS- | C] () -- C:\ProgramData\D1CEAE08F7.sys
[2009/11/07 21:25:10 | 000,933,208 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2009/11/07 21:24:08 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/05/28 10:09:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/11 11:06:12 | 000,000,000 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\wklnhst.dat
[2009/04/11 10:44:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/03/15 18:57:23 | 000,000,004 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\F20116
[2009/03/15 18:57:22 | 000,870,128 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\mcs.rma
[2008/10/03 21:47:14 | 000,000,446 | ---- | C] () -- C:\Windows\yukon.ini
[2008/04/07 18:13:38 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2008/04/02 21:38:05 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/04/02 21:38:04 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/02/28 21:33:36 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\D1CEAE08F7.sys
[2008/02/28 21:33:35 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/11/16 21:13:29 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2007/11/15 21:08:47 | 000,047,104 | ---- | C] () -- C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/28 19:38:21 | 000,000,000 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u
[2007/08/28 19:30:47 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/08/28 19:30:47 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/08/25 21:41:11 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2007/08/25 18:30:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/13 23:28:07 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/08/13 20:37:57 | 000,000,859 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2007/06/23 11:39:04 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/06/23 11:30:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/06/23 11:22:39 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/06/23 11:19:53 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/06/23 11:19:53 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,377,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 23:37:21 | 000,011,376 | ---- | C] () -- C:\Windows\System32\drivers\secdrv.sys
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/03/11 23:53:59 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\1morebee
[2011/03/22 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\acccore
[2010/06/09 21:59:02 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Anthropics
[2010/02/14 23:18:53 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\EleFun Games
[2010/06/18 09:16:33 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\freshgames
[2008/10/12 20:11:06 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Gaijin Ent
[2010/04/29 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Gamelab
[2010/06/02 09:50:42 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\GetRightToGo
[2009/11/07 21:24:03 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\iolo
[2009/08/18 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Leadertech
[2010/12/28 14:19:38 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\My Games
[2009/04/19 00:25:18 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\ooVoo Details
[2008/01/06 18:54:24 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Opera
[2011/01/13 00:25:54 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\PlayFirst
[2010/12/12 22:37:07 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Pogo Games
[2007/12/30 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Snapfish
[2009/05/11 11:06:13 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Template
[2010/09/07 08:19:55 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\WinBatch
[2011/06/02 23:27:53 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/02 23:26:53 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 442 bytes -> C:\Windows\System32\drivers\juxguhhj.sys:changelist
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:261B2A7E
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:CBCF563D
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB2DC8A5
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8F84BF39
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:12CF331A
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:68FB0053
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:30759574
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9EE2AB9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B12FF3F2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4FBF8BD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E23D0CEC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFD2D4A7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFB5119F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AD7C3EFB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5AEA68EE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:26FE5B17
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D6C31E03
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2BAAE818
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DF0F61BB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8F16601E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BF5EAC0C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6371CFDB
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9C6A9B00
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C4671424
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:42D29305
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F798BF2E

< End of report >


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's see what variant you have. On completion of this run, can you let me know what problems still remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56747
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 56747
    FF - prefs.js..network.proxy.type: 0
    [2011/05/14 12:23:27 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15}
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 01yu063 = C:\Windows\TEMP\4r0e.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: wnqdy3 = C:\Users\Hegemon\AppData\Local\Temp\fuj8t.exe
    [2011/05/22 12:05:39 | 000,009,688 | -HS- | M] () -- C:\Users\Hegemon\AppData\Local\aq7ihxrnx8m737xh6m6f4
    [2011/05/22 12:05:39 | 000,009,688 | -HS- | M] () -- C:\ProgramData\aq7ihxrnx8m737xh6m6f4
    [2011/05/17 00:54:33 | 000,012,444 | -HS- | M] () -- C:\Users\Hegemon\AppData\Local\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
    [2011/05/17 00:54:33 | 000,012,444 | -HS- | M] () -- C:\ProgramData\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
    [2011/05/14 12:23:28 | 000,000,120 | ---- | M] () -- C:\Users\Hegemon\AppData\Local\Elawof.dat
    [2011/05/14 12:23:28 | 000,000,000 | ---- | M] () -- C:\Users\Hegemon\AppData\Local\Gjiboy.bin
    @Alternate Data Stream - 442 bytes -> C:\Windows\System32\drivers\juxguhhj.sys:changelist

    :Files
    ipconfig /flushdns /c
    C:\Users\Hegemon\AppData\Local\aq7ihxrnx8m737xh6m6f4
    C:\ProgramData\aq7ihxrnx8m737xh6m6f4
    c:\Users\Hegemon\AppData\Local\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
    C:\ProgramData\2410374534
    C:\ProgramData\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.
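The fix script above was assembled by reading the OTL log for three kinds of indicator: hidden+system files with random bare names dropped directly into ProgramData or AppData\Local, browser proxy settings pointed at 127.0.0.1, and autostart entries launching an executable from a Temp directory. The following is an added example (not OTL's code and not part of the moderator's fix) that applies those same checks to OTL log lines automatically. It assumes only the line formats visible in the logs in this thread; the regular expressions and the "random-looking name" rule are a constructed triage heuristic, and the sample input is copied from the logs and fix script above with benign entries mixed in.

```python
"""Flag OTL log lines that carry the indicators a helper reads for by hand.

Added example for this thread; not OTL's code and not part of the
moderator's fix. It assumes the OTL line formats visible in the logs above.
The heuristics are a constructed teaching aid mirroring what the fix script
targets: hidden+system files with random names under ProgramData or
AppData\\Local, browser proxies pointed at 127.0.0.1, and autostart entries
launching from a Temp directory.
"""
import re
from typing import List, Optional, Tuple

# OTL file entry: [date time | size | attrs | M|C] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# IE registry value or Firefox prefs.js line routing HTTP through the local machine
LOCAL_PROXY_RE = re.compile(
    r'(ProxyServer" = http=127\.0\.0\.1|network\.proxy\.http: "127\.0\.0\.1")'
)
# O4/O6 autostart entries whose target executable sits in a Temp directory
TEMP_RUN_RE = re.compile(r"^O[46] - .*\\Run: .*\\Temp\\[^\\]+\.exe$", re.IGNORECASE)

# Parents where a hidden+system file with a random bare name is not expected
PROGRAMDATA = r"C:\ProgramData"
LOCAL_APPDATA_SUFFIX = r"\AppData\Local"


def random_looking(name: str) -> bool:
    """Bare name (no extension) of 8+ alphanumeric chars with at least one digit."""
    return ("." not in name and len(name) >= 8 and name.isalnum()
            and any(c.isdigit() for c in name))


def hidden_system_dropper(line: str) -> Optional[str]:
    """Return the path if the line is a hidden+system regular file with a
    random name directly under ProgramData or a user's AppData\\Local."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    attr, path = m["attr"], m["path"]
    if "H" not in attr or "S" not in attr or "D" in attr:
        return None  # only hidden+system regular files, not directories
    parent, _, name = path.rpartition("\\")
    if parent != PROGRAMDATA and not parent.endswith(LOCAL_APPDATA_SUFFIX):
        return None
    return path if random_looking(name) else None


def find_indicators(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Classify each log line; returns (indicator kind, detail) for every hit."""
    hits: List[Tuple[str, str]] = []
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        dropped = hidden_system_dropper(line)
        if dropped:
            hits.append(("hidden-system file with random name", dropped))
        elif LOCAL_PROXY_RE.search(line):
            hits.append(("browser proxy pointed at localhost", line))
        elif TEMP_RUN_RE.search(line):
            hits.append(("autostart entry launching from Temp", line))
    return hits


# Sample input: lines copied from the OTL logs and fix script in this thread,
# mixed with benign entries from the same logs.
SAMPLE_LOG = [
    r"[2011/06/02 20:44:07 | 2144,686,080 | -HS- | C] () -- C:\hiberfil.sys",
    r"[2011/05/22 12:05:39 | 000,009,688 | -HS- | M] () -- C:\ProgramData\aq7ihxrnx8m737xh6m6f4",
    r"[2011/05/15 23:27:34 | 000,011,974 | -HS- | M] () -- C:\ProgramData\2410374534",
    r"[2009/11/17 00:16:58 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys",
    r"[2011/05/17 00:54:33 | 000,012,444 | -HS- | M] () -- C:\Users\Hegemon\AppData\Local\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683",
    r"[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56747',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 01yu063 = C:\Windows\TEMP\4r0e.exe",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)",
]

if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

Run against the sample, the script flags the three random-named hidden files, both localhost proxy lines and the TEMP autostart entry, while leaving hiberfil.sys, the licensing file KGyGaAvL.sys and the Malwarebytes driver alone. The name rule is deliberately narrow (extensionless, alphanumeric, contains a digit) so that legitimate hidden system files keep their extension and pass; it is a triage aid for reading a log, and anything it flags still wants the human check the moderator applies before it goes into a fix script.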

#3 photopony (Topic Starter, Member, 19 posts)
OTL logfile created on: 6/3/2011 11:08:46 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.36% Memory free
4.23 Gb Paging File | 3.00 Gb Available in Paging File | 70.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 262.42 Gb Free Space | 72.15% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS

Computer Name: HEGEMON-PC | User Name: Hegemon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/03 23:08:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Hegemon\Downloads\OTL.com
PRC - [2011/05/23 08:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/27 03:32:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/10/12 09:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2011/06/03 23:08:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Hegemon\Downloads\OTL.com
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
SRV - [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/27 03:32:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/06 18:16:54 | 000,712,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/02/06 18:16:54 | 000,712,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2007/10/12 09:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 10:32:28 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 23:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/02 21:38:05 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/04/02 21:38:04 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.85.20100407


FF - HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15}: C:\Users\Hegemon\AppData\Local\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15}
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 19:34:49 | 000,000,000 | ---D | M]

[2008/09/14 20:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions
[2011/06/03 23:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions
[2010/07/04 20:11:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/23 22:54:56 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/06/03 23:07:14 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]
[2010/05/31 09:39:04 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]
[2011/05/02 22:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 15:56:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/01 09:51:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/24 10:34:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/17 10:06:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/10 05:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/16 09:32:14 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
[2011/05/10 05:20:51 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/03 23:01:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Symantec PIF AlertEng] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: oovoo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://www.shockwave...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://www.shockwave...eb.1.0.0.12.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdn.smugmug.c....1.0-082608.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave...esPlayer_v5.cab (GoBit Games Player)
O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} http://www.shockwave...eb.1.0.0.17.cab (CPlayFirstPetShopHopControl Object)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://archives.game...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.shockwave...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} http://cnn-5.vo.llnw...er/gtplugin.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcopho...eX_Control.cab? (Photo Upload Plugin Class)
O16 - DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} http://www.shockwave...Web.1.0.0.6.cab (CPlayFirstChocolatieControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/23 11:46:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8fecc3ff-083d-11e0-b172-001a70af9407}\Shell - "" = AutoRun
O33 - MountPoints2\{8fecc3ff-083d-11e0-b172-001a70af9407}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 23:00:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/31 19:35:39 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2011/05/31 11:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/05/31 11:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/05/28 08:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/05/28 06:46:51 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/28 06:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/28 06:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/28 06:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/05/26 18:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/05/26 18:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/19 22:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\Desktop\NEWORLEANS
[2011/05/19 09:24:31 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\Desktop\New Folder
[2011/05/17 11:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/05/17 10:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/17 10:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/17 10:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/16 07:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links
[2011/05/16 07:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\killproc.exe
[2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\contf64.dll
[2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\contfilt.dll
[2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwnsp64.dll
[2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwnsp.dll
[2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwtsp64.dll
[2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwtsp.dll
[2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tspx.exe
[2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tsp.exe
[2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI) -- C:\Windows\System32\ZIPDLL.DLL
[2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI) -- C:\Windows\System32\UNZDLL.DLL
[2011/05/16 07:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2011/05/16 07:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\eScan
[2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc. ) -- C:\Users\Hegemon\Desktop\iwn2k3ek.exe
[2011/05/16 07:19:37 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\AppData\Roaming\Malwarebytes
[2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/16 07:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 07:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/16 07:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd) -- C:\Users\Hegemon\Desktop\CCleaner.exe
[2011/05/15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\Desktop\Lang
[2011/05/14 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\AppData\Roaming\Avira
[2011/05/07 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Hegemon\Desktop\HORSECAMP

========== Files - Modified Within 30 Days ==========

[2011/06/03 23:12:13 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/03 23:12:13 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/03 23:05:17 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/03 23:04:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 23:04:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 23:04:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 23:04:36 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 23:01:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/02 11:32:06 | 000,870,128 | ---- | M] () -- C:\Users\Hegemon\AppData\Roaming\mcs.rma
[2011/06/02 11:32:06 | 000,000,004 | ---- | M] () -- C:\Users\Hegemon\AppData\Roaming\F20116
[2011/06/02 02:11:05 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/06/02 02:11:05 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/05/31 21:10:01 | 003,295,350 | ---- | M] () -- C:\Users\Hegemon\Desktop\vs.jpg
[2011/05/31 20:57:50 | 000,783,393 | ---- | M] () -- C:\Users\Hegemon\Desktop\thug.jpg
[2011/05/31 20:50:13 | 001,295,450 | ---- | M] () -- C:\Users\Hegemon\Desktop\SPIKE.jpg
[2011/05/29 10:12:43 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 06:46:16 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/28 05:01:13 | 000,000,940 | ---- | M] () -- C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/26 18:57:26 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/05/26 18:55:15 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/22 17:57:27 | 000,047,104 | ---- | M] () -- C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/17 10:07:26 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/17 10:07:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/17 09:57:32 | 000,000,680 | ---- | M] () -- C:\Users\Hegemon\AppData\Local\d3d9caps.dat
[2011/05/16 22:15:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 07:50:00 | 000,002,141 | ---- | M] () -- C:\Windows\Win.Bak.Ini
[2011/05/16 07:46:49 | 000,194,492 | ---- | M] () -- C:\Windows\winsbak2.reg
[2011/05/16 07:46:49 | 000,023,946 | ---- | M] () -- C:\Windows\winsbak.reg
[2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc. ) -- C:\Users\Hegemon\Desktop\iwn2k3ek.exe
[2011/05/15 20:21:19 | 000,009,177 | ---- | M] () -- C:\Users\Hegemon\AppData\Roaming\EE64.B7F
[2011/05/15 19:29:30 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011/05/15 08:53:13 | 000,000,000 | ---- | M] () -- C:\Users\Hegemon\AppData\Roaming\chrtmp
[2011/05/15 08:53:08 | 000,000,226 | ---- | M] () -- C:\Windows\System32\delme.bat
[2011/05/11 20:26:13 | 000,377,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/06/02 20:44:07 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/02 08:39:51 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/31 21:09:59 | 003,295,350 | ---- | C] () -- C:\Users\Hegemon\Desktop\vs.jpg
[2011/05/31 20:57:50 | 000,783,393 | ---- | C] () -- C:\Users\Hegemon\Desktop\thug.jpg
[2011/05/31 20:50:12 | 001,295,450 | ---- | C] () -- C:\Users\Hegemon\Desktop\SPIKE.jpg
[2011/05/29 10:12:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/28 06:46:16 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/26 18:55:15 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/17 10:07:26 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/17 09:57:32 | 000,000,680 | ---- | C] () -- C:\Users\Hegemon\AppData\Local\d3d9caps.dat
[2011/05/16 07:46:49 | 000,194,492 | ---- | C] () -- C:\Windows\winsbak2.reg
[2011/05/16 07:46:49 | 000,023,946 | ---- | C] () -- C:\Windows\winsbak.reg
[2011/05/16 07:46:04 | 000,338,176 | ---- | C] () -- C:\Windows\System32\wget.exe
[2011/05/16 07:46:04 | 000,293,896 | ---- | C] () -- C:\Windows\System32\curl.exe
[2011/05/16 07:46:04 | 000,172,040 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/05/16 07:45:56 | 000,002,141 | ---- | C] () -- C:\Windows\Win.Bak.Ini
[2011/05/16 07:19:30 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/15 08:53:13 | 000,000,000 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\chrtmp
[2011/05/15 08:53:08 | 000,000,226 | ---- | C] () -- C:\Windows\System32\delme.bat
[2011/05/14 12:23:18 | 000,009,177 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\EE64.B7F
[2011/05/10 05:21:31 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/08 10:07:30 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/08 10:07:30 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/26 14:30:47 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/05/12 09:45:50 | 000,121,318 | ---- | C] () -- C:\Windows\HPHins15.dat
[2010/05/12 09:45:50 | 000,002,885 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2010/01/04 12:43:49 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2010/01/04 12:30:00 | 000,179,441 | ---- | C] () -- C:\Windows\hpwins14.dat
[2010/01/04 12:30:00 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2010/01/02 15:45:52 | 000,001,056 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/12/16 22:51:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 20:05:57 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/12/08 20:05:57 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/12/08 20:05:57 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/12/05 10:26:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/12/05 10:26:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/04 20:16:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/17 00:16:58 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/17 00:16:58 | 000,000,088 | RHS- | C] () -- C:\ProgramData\D1CEAE08F7.sys
[2009/11/07 21:25:10 | 000,933,208 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2009/11/07 21:24:08 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/05/28 10:09:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/11 11:06:12 | 000,000,000 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\wklnhst.dat
[2009/04/11 10:44:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/03/15 18:57:23 | 000,000,004 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\F20116
[2009/03/15 18:57:22 | 000,870,128 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\mcs.rma
[2008/10/03 21:47:14 | 000,000,446 | ---- | C] () -- C:\Windows\yukon.ini
[2008/04/07 18:13:38 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2008/04/02 21:38:05 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/04/02 21:38:04 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/02/28 21:33:36 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\D1CEAE08F7.sys
[2008/02/28 21:33:35 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/11/16 21:13:29 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2007/11/15 21:08:47 | 000,047,104 | ---- | C] () -- C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/28 19:38:21 | 000,000,000 | ---- | C] () -- C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u
[2007/08/28 19:30:47 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/08/28 19:30:47 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/08/25 21:41:11 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2007/08/25 18:30:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/13 23:28:07 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/08/13 20:37:57 | 000,000,859 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2007/06/23 11:39:04 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/06/23 11:30:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/06/23 11:22:39 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/06/23 11:19:53 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/06/23 11:19:53 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,377,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 23:37:21 | 000,011,376 | ---- | C] () -- C:\Windows\System32\drivers\secdrv.sys
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/03/11 23:53:59 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\1morebee
[2011/03/22 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\acccore
[2010/06/09 21:59:02 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Anthropics
[2010/02/14 23:18:53 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\EleFun Games
[2010/06/18 09:16:33 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\freshgames
[2008/10/12 20:11:06 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Gaijin Ent
[2010/04/29 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Gamelab
[2010/06/02 09:50:42 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\GetRightToGo
[2009/11/07 21:24:03 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\iolo
[2009/08/18 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Leadertech
[2010/12/28 14:19:38 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\My Games
[2009/04/19 00:25:18 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\ooVoo Details
[2008/01/06 18:54:24 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Opera
[2011/01/13 00:25:54 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\PlayFirst
[2010/12/12 22:37:07 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Pogo Games
[2007/12/30 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Snapfish
[2009/05/11 11:06:13 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\Template
[2010/09/07 08:19:55 | 000,000,000 | ---D | M] -- C:\Users\Hegemon\AppData\Roaming\WinBatch
[2011/06/03 23:05:17 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/03 23:02:52 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:261B2A7E
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:CBCF563D
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB2DC8A5
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8F84BF39
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:12CF331A
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:68FB0053
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:30759574
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9EE2AB9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B12FF3F2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4FBF8BD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E23D0CEC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFD2D4A7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFB5119F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AD7C3EFB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5AEA68EE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:26FE5B17
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D6C31E03
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2BAAE818
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DF0F61BB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8F16601E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BF5EAC0C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6371CFDB
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9C6A9B00
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C4671424
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:42D29305
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F798BF2E

< End of report >

Attached the aswMBR file. Thank you so much! I am so grateful for your help!

Attached Files


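The O-sections of the OTL report above (O1 HOSTS, O4 Run, O20 Winlogon Shell, O33 MountPoints2, O35/O37 file associations) are the lines a helper reads first to decide whether startup or execution has been hijacked. The script below is an added example for this thread; it is not OTL's code and not something the poster ran. It applies those eyeball checks to constructed sample lines: the clean sample is built from the kinds of lines in the report, and the "bad" sample (user `victim`, `avupdate.example.com`, `updater.exe`, `guard.exe`) is hypothetical and does not come from the poster's machine.

```python
"""Triage pass over OTL "O"-section lines (added example, not OTL's own code).

Checks encoded: HOSTS overrides, Run entries that are orphaned or launch from
Temp, a Winlogon Shell other than explorer.exe, removable-media AutoRun
commands, and hijacked .exe/.com "open" associations. Samples are constructed;
BAD_SAMPLE paths and domain are hypothetical, not from the poster's log.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    severity: str  # "high" = classic hijack indicator, "review" = needs a look
    reason: str


# The only two mappings a clean Vista HOSTS file carries.
LOCALHOST_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Winlogon Shell on a 32-bit Vista install; anything else runs in Explorer's place.
EXPECTED_SHELL = "c:\\windows\\explorer.exe"
# Default "open" verb for .exe/.com; an association hijack prepends its own loader.
EXPECTED_OPEN_CMD = '"%1" %*'

O_LINE = re.compile(r"^(O\d+)\s*-\s*(.*)$")
EXE_PATH = re.compile(r"[a-z]:\\[^()]*?\.exe")


def _check_hosts(line, body, out):
    fields = body.split(":", 1)[1].split()  # 'Hosts: <ip> <name>'
    if len(fields) >= 2 and (fields[0], fields[1].lower()) not in LOCALHOST_HOSTS:
        out.append(Finding(line, "high", f"HOSTS maps {fields[1]} to {fields[0]}"))


def _check_run(line, body, out):
    low = body.lower()
    if "file not found" in low:
        out.append(Finding(line, "review", "Run entry points at a file that no longer exists"))
    elif "\\temp\\" in low:
        out.append(Finding(line, "high", "Run entry launches from a Temp folder"))
    elif low.endswith("()"):  # OTL prints "()" when the binary has no publisher
        out.append(Finding(line, "review", "Run entry has no publisher"))


def _check_shell(line, body, out):
    paths = EXE_PATH.findall(body.lower())
    if paths != [EXPECTED_SHELL]:
        out.append(Finding(line, "high", f"Winlogon Shell is {paths or 'empty'}, not explorer.exe"))


def _check_assoc(line, body, out):
    cmd = body.split(" -- ", 1)[-1].strip()
    if cmd != EXPECTED_OPEN_CMD:
        out.append(Finding(line, "high", f"exe/com open command is {cmd!r}"))


def triage(report):
    """Return a Finding for every O-line that trips one of the checks."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = O_LINE.match(line)
        if not m:
            continue  # section headers such as 'O1 HOSTS File: (...)' carry no hyphen
        key, body = m.group(1), m.group(2)
        low = body.lower()
        if key == "O1" and low.startswith("hosts:"):
            _check_hosts(line, body, findings)
        elif key == "O4" and "\\run:" in low:
            _check_run(line, body, findings)
        elif key == "O20" and "winlogon: shell" in low:
            _check_shell(line, body, findings)
        elif key == "O33" and "autorun\\command" in low:
            findings.append(Finding(line, "review", "removable-media AutoRun command"))
        elif key in ("O35", "O37") and ("exefile" in low or "comfile" in low):
            _check_assoc(line, body, findings)
    return findings


def summarize(report):
    counts = {"high": 0, "review": 0}
    for f in triage(report):
        counts[f.severity] += 1
    return counts


# Constructed from the kinds of lines in the report above; expected to be quiet.
CLEAN_SAMPLE = r"""
O1 HOSTS File: ([2011/06/03 23:01:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Symantec PIF AlertEng] File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{8fecc3ff-083d-11e0-b172-001a70af9407}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Hypothetical hijack lines (user 'victim', avupdate.example.com, updater.exe and
# guard.exe are made up for this example) so that every "high" rule fires once.
BAD_SAMPLE = r"""
O1 - Hosts: 127.0.0.1 avupdate.example.com
O4 - HKCU..\Run: [updater] C:\Users\victim\AppData\Local\Temp\updater.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Users\victim\AppData\Local\Temp\explorer.exe ()
O35 - HKCU\..exefile [open] -- "C:\Users\victim\AppData\Local\Temp\guard.exe" "%1" %*
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("bad", BAD_SAMPLE)):
        print(f"== {name}: {summarize(sample)}")
        for f in triage(sample):
            print(f"  [{f.severity}] {f.reason}\n      {f.line}")
```

On the clean sample only two "review" items come back (the orphaned Symantec Run entry and the U3 launcher AutoRun on J:), which matches what a helper would conclude from the report above: nothing in those sections points at a hijack, so the rootkit has to be found below the file system, which is why the next step in the thread is an MBR scanner rather than more registry cleaning.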

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, 'tis TDL4 - once aswMBR has done its thing it may appear to hang; just reboot. This only happens sometimes, but it is something to be aware of.

Once done, can you let me know what problems you are having?

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button

Posted Image


Save the log as before and post in your next reply

#5 photopony (Topic Starter, Member, 19 posts)
I'm listing the problems prior to running this latest request.

1. Popups in Firefox. Security Center still shut down. Computer crashed once.

When I rebooted in safe mode with networking to get back to this site, it is making Firefox very 'sticky' on its downloads, meaning I am trying to redownload aswMBR and it's stuck at 66%.

Rebooting now after repair.

#6 photopony (Topic Starter, Member, 19 posts)
Okay, restarted after the fix. Vista Security System still won't start. In safe mode with networking, no popups.

Attached Files



#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's progress now - the system should have sped up slightly, although I feel you may still be having problems with FF; do the same problems appear in IE? Run this from normal mode please.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#8 photopony (Topic Starter, Member, 19 posts)
Will do, but I can't run in normal mode now. It gets to the login screen and then crashes; I can still open in Safe Mode with Networking. It has been doing this ever since I ran the fix tool.

#9 photopony (Topic Starter, Member, 19 posts)
Also, the only virus software that seems to be running in safe mode is Ad-Aware, at least in the system tray. The others are not in the system tray.

#10 photopony (Topic Starter, Member, 19 posts)
So I am unable to disable all of the antivirus. I tried to go through the Task Manager and it doesn't have the virus stuff listed, but ComboFix keeps recognizing that they are turned on. I tried starting all of the programs and disabling them, but they already appear to be disabled by the virus. Not sure what to do now!

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
ComboFix will probably give a warning with a yes/no option.

Allow ComboFix to run.

When the system crashes, what error do you get?

#12 photopony (Topic Starter, Member, 19 posts)
It gives no error message; it just goes to the black screen that asks me how I want to start up and says that Windows did not shut down properly. It keeps doing that over and over when you try to start it normally.

ComboFix says access denied even though I ran it as administrator. It says that it needs administrator command prompts to continue, and it is stuck on trying to create a new restore point.

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you select Last Known Good on the black screen and let me know if that allows you in?

If it does, could you run a fresh OTL log, ensuring All Users is selected.

If it fails:

Download AVP Tool

First we will run a virus scan.

On the first tab select all elements down to and including Computer, and then select Start scan.
Once it has finished, select Report and post that.

Posted Image

Do not close AVPTool or it will self-uninstall; if it does uninstall, then just rerun the setup file on your desktop.

Now an analysis scan:

Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image

#14 photopony (Topic Starter, Member, 19 posts)
Okay, so it ran the scan; it just took a while. It did say the admin was blocking sections, but it finished.

Still will not start up in normal mode.

ComboFix 11-06-05.01 - Hegemon 06/05/2011 9:58.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1228 [GMT -7:00]
Running from: c:\users\Hegemon\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hegemon\AppData\Roaming\chrtmp
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\plugs
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\shed
c:\windows\system32\delme.bat
c:\windows\system32\windows
.
.
((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))
.
.
2011-06-05 17:05 . 2011-06-05 17:05 -------- d-----w- c:\users\Hegemon\AppData\Local\temp
2011-06-05 17:05 . 2011-06-05 17:05 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-06-05 17:05 . 2011-06-05 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-04 06:00 . 2011-06-04 06:00 -------- d-----w- C:\_OTL
2011-06-01 02:35 . 2010-05-26 17:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-05-31 18:00 . 2011-05-31 18:00 -------- d-----w- c:\program files\Sophos
2011-05-28 15:48 . 2011-05-28 15:48 -------- d-----w- c:\programdata\WindowsSearch
2011-05-28 13:46 . 2011-05-28 13:46 -------- d-----w- c:\users\Hegemon\AppData\Roaming\SUPERAntiSpyware.com
2011-05-28 13:46 . 2011-05-28 13:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-28 13:46 . 2011-05-28 13:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-16 14:46 . 2011-05-16 14:46 -------- d-----w- c:\programdata\OEM Links
2011-05-16 14:19 . 2011-05-16 14:19 -------- d-----w- c:\users\Hegemon\AppData\Roaming\Malwarebytes
2011-05-16 14:19 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 14:19 . 2011-05-16 14:19 -------- d-----w- c:\programdata\Malwarebytes
2011-05-16 14:19 . 2011-06-03 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 14:19 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 05:06 . 2011-05-16 05:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-05-15 10:24 . 2011-05-15 10:24 41680 ----a-w- c:\windows\system32\drivers\juxguhhj.sys
2011-05-14 19:29 . 2011-05-14 19:29 -------- d-----w- c:\users\Hegemon\AppData\Roaming\Avira
2011-05-13 09:01 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC5EFCE8-36EE-4593-8180-B7A29EDB7476}\mpengine.dll
2011-05-11 10:18 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 12:20 . 2011-05-10 12:20 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-10 12:20 . 2011-05-10 12:20 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-10 12:20 . 2011-05-10 12:20 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-10 12:20 . 2011-05-10 12:20 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-10 12:20 . 2011-05-10 12:20 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-10 12:20 . 2011-05-10 12:20 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-10 12:20 . 2011-05-10 12:20 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-10 12:20 . 2011-05-10 12:20 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-27 01:57 . 2010-12-26 21:30 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-10 12:10 . 2007-11-01 02:16 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2008-04-03 04:52 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2007-11-01 02:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2007-11-01 02:16 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2007-11-01 02:16 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2008-04-03 04:52 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-12 21:55 . 2011-04-28 05:56 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 10:21 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 10:21 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-05-10 12:20 . 2011-05-10 12:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 05:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-08-28 00:59 8473120 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-08-28 00:59 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-08-28 00:59 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-01 15:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-03-19 15:55 460216 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 09:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: oovoo.com\www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} - hxxp://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab
FF - ProfilePath - c:\users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
AddRemove-_{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}
AddRemove-{459E93B6-150E-45d5-8D4B-45C66FC035FE} - c:\program files\NOS\bin\getPlus_Helper.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 10:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\pluginreg.dat.bak 15741 bytes
c:\users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\prefs.js.BAK 33788 bytes
c:\users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\user.js.BAK 138 bytes
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D9AE.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e1,0b,17,0e,59,2a,34,25,5f,11,27,72,77,4f,08,4e,ce,15,10,f7,f8,72,2d,
02,3c,4b,2a,30,16,48,c9,ae,8c,2b,80,f6,f0,89,ff,3f,fa,2f,a6,23,81,59,b9,fb,\
"??"=hex:da,32,f3,87,b3,26,d9,cc,3e,ba,c0,6b,a3,04,b8,44
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-05 10:06:29
ComboFix-quarantined-files.txt 2011-06-05 17:06
.
Pre-Run: 282,671,099,904 bytes free
Post-Run: 282,845,057,024 bytes free
.
- - End Of File - - 47A760C2342EC5523A0EFFE06CAD2E0A

Attached File: log.txt (14.43 KB)

  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Were you able to select Last Known Good on the safe mode menu?

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next Reply.

THEN

Run OTL with the following pasted in the Custom Scans/Fixes box. Then press Quick Scan.

/md5start
volsnap.*
/md5stop

  • 0