Trojan:Win32/Alureon.gen!AD - need help removing


This topic is locked

#1
sgregory59
New Member, 7 posts
Somehow my antivirus got turned off and my computer was infected. The Trojan is the only one I couldn't get rid of using Windows Defender. Defender detects it and I have repeatedly tried to remove or quarantine it, but it won't go away. I am a complete newbie to fixing things on my computer, but I can follow explicit directions. Can anyone help me? Thanks!

These are the OTL scan results:

OTL logfile created on: 8/7/2011 2:55:41 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sgregory\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 40.29% Memory free
6.18 Gb Paging File | 4.33 Gb Available in Paging File | 70.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 412.52 Gb Free Space | 92.14% Space Free | Partition Type: NTFS

Computer Name: MOMSCOMPUTER | User Name: sgregory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 14:53:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\sgregory\Downloads\OTL.exe
PRC - [2011/06/24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/06/23 13:40:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 14:46:56 | 003,380,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/30 22:00:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/27 08:18:40 | 000,215,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007/06/27 08:18:20 | 000,293,080 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007/06/27 08:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007/06/27 08:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007/06/27 08:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007/06/27 08:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007/06/27 08:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007/06/27 08:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007/06/27 08:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/06/27 08:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007/06/12 16:50:30 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/12 16:50:28 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/29 09:25:56 | 000,067,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
PRC - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/09/01 07:12:58 | 000,074,240 | ---- | M] () -- C:\Program Files\Lenovo\file32\hotkey.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 14:53:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\sgregory\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FreeAgentGoNext Service)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/30 22:00:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/21 07:53:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/23 13:06:30 | 000,092,048 | ---- | M] (Lenovo Software (Beijing) Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\PowerDial\LitModeCtrl.exe -- (LitModeCtrl)
SRV - [2007/06/27 08:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 08:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 08:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 08:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 08:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 08:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 08:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 08:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/06/12 16:50:30 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/29 09:25:56 | 000,067,088 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe -- (OKAV Agent Service)
SRV - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/06 11:37:29 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cujkzemp.sys -- (cujkzemp)
DRV - [2011/08/05 20:06:04 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\manrlapr.sys -- (manrlapr)
DRV - [2011/08/05 20:04:09 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\nenspqnu.sys -- (nenspqnu)
DRV - [2011/07/31 16:49:10 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\oziwsnwi.sys -- (oziwsnwi)
DRV - [2011/07/31 14:06:42 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lvmnjtti.sys -- (lvmnjtti)
DRV - [2011/07/31 14:02:33 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\qijaozui.sys -- (qijaozui)
DRV - [2011/06/17 12:37:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/17 12:37:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/14 23:32:54 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2011/01/25 18:14:16 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011/01/25 18:14:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2011/01/25 18:13:52 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/31 13:23:14 | 000,014,680 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\safnt.sys -- (safnt)
DRV - [2009/07/14 21:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_VISTA)
DRV - [2008/03/13 21:00:22 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2007/10/12 01:35:39 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/06/27 08:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/05/11 06:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/05/10 07:43:24 | 000,024,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ntdisk.sys -- (ntdisk)
DRV - [2007/04/17 18:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/18 18:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com.cn/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iobit.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62586

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://centurytel.myway.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2c088200-b973-11db-8314-0800200c9a66}:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20110608
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/23 07:47:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 13:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 16:40:41 | 000,000,000 | ---D | M]

[2008/11/23 20:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sgregory\AppData\Roaming\mozilla\Extensions
[2011/07/06 21:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions
[2010/05/30 18:51:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 17:33:25 | 000,000,000 | ---D | M] (Harley Davidson) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/02 17:44:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/06 16:33:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/08/21 23:33:10 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
() (No name found) -- C:\USERS\SGREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7GDS8MS8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SGREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7GDS8MS8.DEFAULT\EXTENSIONS\[email protected]
[2011/06/23 13:40:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/06 16:33:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/06/18 16:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/06/02 20:47:12 | 000,228,501 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 .supercocklol.com
O1 - Hosts: 127.0.0.1 www..webloyalty.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 www.139mm.com
O1 - Hosts: 127.0.0.1 139mm.com
O1 - Hosts: 8007 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSCMig] File not found
O4 - HKLM..\Run: [ISUSPM] File not found
O4 - HKLM..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] File not found
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\PowerDial\LitModeSwitch.exe (Lenovo Software (Beijing) Limited)
O4 - HKLM..\Run: [multitray] C:\Program Files\Lenovo\MultiRecover\loadtray.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] File not found
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (D:\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (D:\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 20:41:32 | 000,000,000 | ---D | C] -- C:\15e1986cf2ce8b509ce367b5a6a2
[2011/07/24 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\sgregory\AppData\Roaming\Windows Live Writer
[2011/07/24 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\sgregory\AppData\Local\Windows Live Writer
[2011/07/15 17:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/07/15 17:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 14:14:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 13:18:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 13:18:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 16:14:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/05 20:42:26 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/05 18:02:09 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011/08/05 17:59:59 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for sgregory.job
[2011/07/31 13:23:21 | 000,371,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/31 13:23:21 | 000,125,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/31 13:19:02 | 000,000,162 | ---- | M] () -- C:\okav_win.cfg
[2011/07/31 13:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/30 15:12:50 | 000,002,627 | ---- | M] () -- C:\Users\sgregory\Desktop\Microsoft Office Word 2007.lnk
[2011/07/24 12:42:51 | 000,002,136 | ---- | M] () -- C:\Users\sgregory\AppData\Roaming\F44C.35A
[2011/07/17 03:19:21 | 000,000,943 | ---- | M] () -- C:\Users\sgregory\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/16 17:51:29 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/07/16 17:51:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/07/16 17:51:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/07/14 03:20:07 | 000,389,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 20:42:26 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/24 12:39:26 | 000,002,136 | ---- | C] () -- C:\Users\sgregory\AppData\Roaming\F44C.35A
[2011/07/16 17:51:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/28 17:42:49 | 000,024,206 | ---- | C] () -- C:\Users\sgregory\AppData\Roaming\UserTile.png
[2009/12/01 04:01:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/30 21:22:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 21:22:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/18 19:55:46 | 000,116,840 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/12/13 23:54:23 | 000,004,690 | ---- | C] () -- C:\Windows\xnview.ini
[2008/08/08 14:34:42 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008/08/08 11:32:10 | 000,090,668 | ---- | C] () -- C:\Windows\System32\vobis32.dll
[2008/08/02 17:46:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/08/02 17:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/18 18:28:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2008/03/13 09:03:26 | 000,000,552 | ---- | C] () -- C:\Users\sgregory\AppData\Local\d3d8caps.dat
[2008/03/08 09:43:33 | 000,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2008/03/08 09:43:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2008/03/04 21:34:38 | 000,146,989 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/03/04 21:34:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/02/29 19:14:17 | 000,147,110 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/02/29 19:14:16 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/02/28 20:47:41 | 000,001,212 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/28 20:47:21 | 000,065,536 | ---- | C] () -- C:\Users\sgregory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/12 02:53:53 | 000,007,282 | ---- | C] () -- C:\Windows\datetime.dat
[2007/10/12 01:43:53 | 000,024,856 | ---- | C] () -- C:\Windows\System32\drivers\ntdisk.sys
[2007/10/12 01:43:53 | 000,014,680 | ---- | C] () -- C:\Windows\System32\drivers\safnt.sys
[2007/07/18 02:15:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/07/05 05:58:31 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/05 05:58:31 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/26 03:35:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,389,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,371,636 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,125,882 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 08:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/11/29 14:59:06 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\AVG10
[2010/03/10 07:28:43 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/14 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\gtk-2.0
[2008/03/04 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\InterTrust
[2010/10/19 14:26:00 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\InterVideo
[2011/06/21 16:09:34 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\IObit
[2010/12/25 20:55:02 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\Leadertech
[2010/01/01 20:15:08 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\MightyPlay
[2011/06/23 11:43:08 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\SMART Technologies
[2011/06/22 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\SMART Technologies Inc
[2011/07/24 14:19:00 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\Windows Live Writer
[2011/07/31 13:17:37 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/05 18:02:09 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5264 bytes -> C:\Windows\System32\drivers\oziwsnwi.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\qijaozui.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\nenspqnu.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\manrlapr.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\lvmnjtti.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\cujkzemp.sys:changelist

< End of report >

#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, sgregory59! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)

Could you do the following two steps for me please, then get back to me with the relevant logs :yes:

1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log.

2)
Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

In your next reply, please post the contents of:
  • OTL log
  • aswMBR log


#3
sgregory59

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi BlackOxide and thanks for helping. Here are the two scan results:

OTL logfile created on: 8/8/2011 7:03:59 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sgregory\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 39.08% Memory free
6.18 Gb Paging File | 4.30 Gb Available in Paging File | 69.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 412.48 Gb Free Space | 92.13% Space Free | Partition Type: NTFS

Computer Name: MOMSCOMPUTER | User Name: sgregory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 14:53:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\sgregory\Downloads\OTL.exe
PRC - [2011/06/24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/06/23 13:40:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 14:46:56 | 003,380,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/30 22:00:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/27 08:18:40 | 000,215,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007/06/27 08:18:20 | 000,293,080 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007/06/27 08:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007/06/27 08:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007/06/27 08:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007/06/27 08:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007/06/27 08:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007/06/27 08:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007/06/27 08:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/06/27 08:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007/06/12 16:50:30 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/12 16:50:28 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/29 09:25:56 | 000,067,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
PRC - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/09/01 07:12:58 | 000,074,240 | ---- | M] () -- C:\Program Files\Lenovo\file32\hotkey.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 14:53:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\sgregory\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FreeAgentGoNext Service)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/30 22:00:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/21 07:53:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/23 13:06:30 | 000,092,048 | ---- | M] (Lenovo Software (Beijing) Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\PowerDial\LitModeCtrl.exe -- (LitModeCtrl)
SRV - [2007/06/27 08:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 08:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 08:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 08:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 08:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 08:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 08:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 08:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/06/12 16:50:30 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/29 09:25:56 | 000,067,088 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe -- (OKAV Agent Service)
SRV - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/06 11:37:29 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cujkzemp.sys -- (cujkzemp)
DRV - [2011/08/05 20:06:04 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\manrlapr.sys -- (manrlapr)
DRV - [2011/08/05 20:04:09 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\nenspqnu.sys -- (nenspqnu)
DRV - [2011/07/31 16:49:10 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\oziwsnwi.sys -- (oziwsnwi)
DRV - [2011/07/31 14:06:42 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lvmnjtti.sys -- (lvmnjtti)
DRV - [2011/07/31 14:02:33 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\qijaozui.sys -- (qijaozui)
DRV - [2011/06/17 12:37:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/17 12:37:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/14 23:32:54 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2011/01/25 18:14:16 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011/01/25 18:14:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2011/01/25 18:13:52 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/31 13:23:14 | 000,014,680 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\safnt.sys -- (safnt)
DRV - [2009/07/14 21:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_VISTA)
DRV - [2008/03/13 21:00:22 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2007/10/12 01:35:39 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/06/27 08:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/05/11 06:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/05/10 07:43:24 | 000,024,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ntdisk.sys -- (ntdisk)
DRV - [2007/04/17 18:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/18 18:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com.cn/ [binary data]
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iobit.com
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62586

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://centurytel.myway.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2c088200-b973-11db-8314-0800200c9a66}:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20110608
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/23 07:47:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 13:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 16:40:41 | 000,000,000 | ---D | M]

[2008/11/23 20:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sgregory\AppData\Roaming\mozilla\Extensions
[2011/07/06 21:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions
[2010/05/30 18:51:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 17:33:25 | 000,000,000 | ---D | M] (Harley Davidson) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/02 17:44:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/06 16:33:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/08/21 23:33:10 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
() (No name found) -- C:\USERS\SGREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7GDS8MS8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SGREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7GDS8MS8.DEFAULT\EXTENSIONS\[email protected]
[2011/06/23 13:40:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/06 16:33:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/06/18 16:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/06/02 20:47:12 | 000,228,501 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 .supercocklol.com
O1 - Hosts: 127.0.0.1 www..webloyalty.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 www.139mm.com
O1 - Hosts: 127.0.0.1 139mm.com
O1 - Hosts: 8007 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
O3 - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSCMig] File not found
O4 - HKLM..\Run: [ISUSPM] File not found
O4 - HKLM..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] File not found
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\PowerDial\LitModeSwitch.exe (Lenovo Software (Beijing) Limited)
O4 - HKLM..\Run: [multitray] C:\Program Files\Lenovo\MultiRecover\loadtray.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3060407301-903124806-1522695691-1004..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-3060407301-903124806-1522695691-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3060407301-903124806-1522695691-1005..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3060407301-903124806-1522695691-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3060407301-903124806-1522695691-1005..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-3060407301-903124806-1522695691-1005..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O7 - HKU\S-1-5-21-3060407301-903124806-1522695691-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (D:\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (D:\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\sgregory\Documents\SMART Notebook
[2011/08/07 16:55:41 | 000,000,000 | ---D | C] -- C:\Users\sgregory\Documents\My Scans
[2011/08/05 20:41:32 | 000,000,000 | ---D | C] -- C:\15e1986cf2ce8b509ce367b5a6a2
[2011/07/24 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\sgregory\AppData\Roaming\Windows Live Writer
[2011/07/24 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\sgregory\AppData\Local\Windows Live Writer
[2011/07/15 17:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/07/15 17:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 17:18:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/08 17:18:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 18:14:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 18:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for sgregory.job
[2011/08/07 17:12:46 | 000,002,627 | ---- | M] () -- C:\Users\sgregory\Desktop\Microsoft Office Word 2007.lnk
[2011/08/07 17:09:38 | 000,095,149 | ---- | M] () -- C:\Users\sgregory\Documents\banana 2.jpg
[2011/08/07 16:55:38 | 000,851,814 | ---- | M] () -- C:\Users\sgregory\Documents\Bananas 1.jpg
[2011/08/07 16:14:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/05 20:42:26 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/05 18:02:09 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011/07/31 13:23:21 | 000,371,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/31 13:23:21 | 000,125,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/31 13:19:02 | 000,000,162 | ---- | M] () -- C:\okav_win.cfg
[2011/07/31 13:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/24 12:42:51 | 000,002,136 | ---- | M] () -- C:\Users\sgregory\AppData\Roaming\F44C.35A
[2011/07/17 03:19:21 | 000,000,943 | ---- | M] () -- C:\Users\sgregory\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/16 17:51:29 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/07/16 17:51:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/07/16 17:51:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/07/14 03:20:07 | 000,389,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 17:09:40 | 000,095,149 | ---- | C] () -- C:\Users\sgregory\Documents\banana 2.jpg
[2011/08/07 16:55:41 | 000,851,814 | ---- | C] () -- C:\Users\sgregory\Documents\Bananas 1.jpg
[2011/08/05 20:42:26 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/24 12:39:26 | 000,002,136 | ---- | C] () -- C:\Users\sgregory\AppData\Roaming\F44C.35A
[2011/07/16 17:51:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/28 17:42:49 | 000,024,206 | ---- | C] () -- C:\Users\sgregory\AppData\Roaming\UserTile.png
[2009/12/01 04:01:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/30 21:22:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 21:22:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/18 19:55:46 | 000,116,840 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/12/13 23:54:23 | 000,004,690 | ---- | C] () -- C:\Windows\xnview.ini
[2008/08/08 14:34:42 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008/08/08 11:32:10 | 000,090,668 | ---- | C] () -- C:\Windows\System32\vobis32.dll
[2008/08/02 17:46:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/08/02 17:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/18 18:28:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2008/03/13 09:03:26 | 000,000,552 | ---- | C] () -- C:\Users\sgregory\AppData\Local\d3d8caps.dat
[2008/03/08 09:43:33 | 000,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2008/03/08 09:43:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2008/03/04 21:34:38 | 000,146,989 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/03/04 21:34:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/02/29 19:14:17 | 000,147,110 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/02/29 19:14:16 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/02/28 20:47:41 | 000,001,212 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/28 20:47:21 | 000,065,536 | ---- | C] () -- C:\Users\sgregory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/12 02:53:53 | 000,007,282 | ---- | C] () -- C:\Windows\datetime.dat
[2007/10/12 01:43:53 | 000,024,856 | ---- | C] () -- C:\Windows\System32\drivers\ntdisk.sys
[2007/10/12 01:43:53 | 000,014,680 | ---- | C] () -- C:\Windows\System32\drivers\safnt.sys
[2007/07/18 02:15:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/07/05 05:58:31 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/05 05:58:31 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/26 03:35:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,389,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,371,636 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,125,882 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 08:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/11/29 14:59:06 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\AVG10
[2010/03/10 07:28:43 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/14 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\gtk-2.0
[2008/03/04 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\InterTrust
[2010/10/19 14:26:00 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\InterVideo
[2011/06/21 16:09:34 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\IObit
[2010/12/25 20:55:02 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\Leadertech
[2010/01/01 20:15:08 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\MightyPlay
[2011/06/23 11:43:08 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\SMART Technologies
[2011/06/22 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\SMART Technologies Inc
[2011/07/24 14:19:00 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\Windows Live Writer
[2011/07/31 13:17:37 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/05 18:02:09 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5264 bytes -> C:\Windows\System32\drivers\oziwsnwi.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\qijaozui.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\nenspqnu.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\manrlapr.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\lvmnjtti.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\cujkzemp.sys:changelist

< End of report >


********************************

Microsoft Signature Verification

Log file generated on 10/12/2007 at 3:49 AM
OS Platform: Windows (x86), Version: 6.0, Build: 6000, CSDVersion:
Scan Results: Total Files: 157, Signed: 157, Unsigned: 0, Not Scanned: 0

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\windows\system32]
batt.dll 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
clfs.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
e1000msg.dll 1/17/2007 2:5.00 Signed e1e6032.cat Microsoft Windows Hardware Compatibility Publisher
e1e6032.din 3/7/2007 2:5.00 Signed e1e6032.cat Microsoft Windows Hardware Compatibility Publisher
hal.dll 4/26/2007 2:5.1 Signed Package_1_for_KB9297Microsoft Windows
halacpi.dll 4/26/2007 2:5.1 Signed Package_1_for_KB9297Microsoft Windows
halmacpi.dll 4/26/2007 2:5.1 Signed Package_1_for_KB9297Microsoft Windows
hccoin.dll 10/12/2007 2:5.1 Signed Package_1_for_KB9360Microsoft Windows
hccutils.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
hcw85enc.ax 6/10/2007 2:5.1 Signed hcw85bda.cat Microsoft Windows Hardware Compatibility Publisher
hcw85prop.ax 6/10/2007 2:5.1 Signed hcw85bda.cat Microsoft Windows Hardware Compatibility Publisher
hcwcp.ax 9/8/2006 2:5.1 Signed hcw85bda.cat Microsoft Windows Hardware Compatibility Publisher
hcwecppp.ax 9/8/2006 2:5.1 Signed hcw85bda.cat Microsoft Windows Hardware Compatibility Publisher
hcwxds.dll 7/21/2006 2:5.1 Signed hcw85bda.cat Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 6/6/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
ig4dev32.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
ig4icd32.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igdumd32.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcfg.exe 6/6/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcoin_v1283.dll 5/31/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcpl.cpl 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdev.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdo.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxexps.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 6/6/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 6/6/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxpph.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrara.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrchs.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcht.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcsy.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdan.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdeu.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrell.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrenu.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxresp.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxress.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfin.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfra.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrheb.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrhun.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrita.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrjpn.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrkor.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnld.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnor.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrplk.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptb.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptg.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrrus.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsky.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrslv.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsve.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtha.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtrk.lrc 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 6/6/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxtmm.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 6/6/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxzoom.exe 6/6/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxc32.vp 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxo32.vp 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxs32.vp 5/31/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igmedkrn.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iscsilog.dll 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
nicco6.dll 3/7/2007 2:5.00 Signed e1e6032.cat Microsoft Windows Hardware Compatibility Publisher
nicine6.dll 3/7/2007 2:5.00 Signed e1e6032.cat Microsoft Windows Hardware Compatibility Publisher
oemdspif.dll 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
prounstl.exe 4/12/2007 2:5.00 Signed e1e6032.cat Microsoft Windows Hardware Compatibility Publisher
streamci.dll 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
wudfcoinstaller.dll 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
[c:\windows\system32\drivers]
acpi.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
adihdaud.sys 5/11/2007 2:6.0 Signed smx.cat Microsoft Windows Hardware Compatibility Publisher
afd.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
asyncmac.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
atapi.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
bdasup.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
cdrom.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
crcdisk.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
disk.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
drmk.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
drmkaud.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
dxgkrnl.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
e1e6032.sys 4/13/2007 2:5.00 Signed e1e6032.cat Microsoft Windows Hardware Compatibility Publisher
hcw85bda.sys 6/10/2007 2:5.1 Signed hcw85bda.cat Microsoft Windows Hardware Compatibility Publisher
hcw85enc.rom 3/16/2006 2:5.1 Signed hcw85bda.cat Microsoft Windows Hardware Compatibility Publisher
hcw85mlc.rom 1/19/2007 2:5.1 Signed hcw85bda.cat Microsoft Windows Hardware Compatibility Publisher
hdaudbus.sys 10/12/2007 2:5.1 Signed Package_1_for_KB9370Microsoft Windows
heci.sys 5/11/2007 2:5.00 Signed heci.cat Microsoft Windows Hardware Compatibility Publisher
http.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
i8042prt.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
iastor.sys 3/21/2007 2:5.00 Signed iaahci.cat Microsoft Windows Hardware Compatibility Publisher
igdkmd32.sys 5/30/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
inteldh.sys 10/12/2007 2:6.0 Signed inteldh.cat Microsoft Windows Hardware Compatibility Publisher
intelppm.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
kbdclass.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
ksecdd.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
lltdio.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
monitor.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
mouclass.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
mountmgr.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
mpsdrv.sys 10/12/2007 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB9358Microsoft Windows
msisadrv.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
msiscsi.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
mskssrv.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
mspclock.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
mspqm.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
mssmbios.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
mstee.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
ndis.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
ndistapi.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
ndiswan.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
netbt.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
nmsunidr.sys 2/18/2007 2:5.1,2:6.0 Signed oem16.CAT Microsoft Windows Hardware Compatibility Publisher
nsiproxy.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
pacer.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
parport.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
parvdm.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
pci.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
peauth.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
portcls.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
rasacd.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
rasl2tp.sys 4/26/2007 2:5.1,2:5.2,2:6.0 Signed Package_1_for_KB9301Microsoft Windows
raspppoe.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
raspptp.sys 4/26/2007 2:5.1,2:5.2,2:6.0 Signed Package_1_for_KB9301Microsoft Windows
rdpcdd.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
rdpencdd.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
rspndr.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
serenum.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
serial.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
sermouse.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
sfloppy.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
smb.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
swenum.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
tcpip.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
tcpipreg.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
tdx.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
termdd.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
tm_cfw.sys 12/29/2006 2:5.00,2:5.1,2:5.2,2Signed oem21.CAT Microsoft Windows Hardware Compatibility Publisher
tm_mbd_c.sys 12/29/2006 None Signed N/A
tmcomm.sys 12/29/2006 None Signed N/A
tunnel.sys 10/12/2007 2:5.1,2:5.2,2:6.0 Signed Package_1_for_KB9358Microsoft Windows
umbus.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
usbd.sys 10/12/2007 2:5.1 Signed Package_1_for_KB9360Microsoft Windows
usbehci.sys 10/12/2007 2:5.1 Signed Package_1_for_KB9360Microsoft Windows
usbhub.sys 10/12/2007 2:5.1 Signed Package_1_for_KB9360Microsoft Windows
usbport.sys 10/12/2007 2:5.1 Signed Package_1_for_KB9360Microsoft Windows
usbstor.sys 10/12/2007 2:5.1 Signed Package_2_for_KB9368Microsoft Windows
usbuhci.sys 10/12/2007 2:5.1 Signed Package_1_for_KB9360Microsoft Windows
vga.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
volmgr.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
volmgrx.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
volsnap.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
wanarp.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
wdf01000.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
wudfrd.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
[c:\windows\system32\drivers\umdf]
wpdfs.dll 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows

When I ran aswMBR I had a box that popped up "This application can use the Avast! Free Antivirus for scanning. It is recommended to download it for better detection results. Would you like to download latest Avast! virus definitions?" Since you didn't tell me to do this, I didn't. If you need me to download Avast! and rescan, please let me know. Thanks again - you're a life saver!!!
  • 0

#4
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

No problem, you're welcome. With the aswMBR, sorry about that, it's a fairly new addition, I could do with adding that to the instructions. Could you run aswMBR again, click No on the message about downloading the Avast definitions, then post the log once it has finished please.

We'll also get OTL to remove some malware items which were found in your log. Just follow the steps below, then get back to me with the relevant logs please.



1)
Run aswMBR again, follow the instructions as before, but click No to downloading the definitions. Then once it has finished scanning, Save the log and post the contents here please.




2)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/08/06 11:37:29 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cujkzemp.sys -- (cujkzemp)
    DRV - [2011/08/05 20:06:04 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\manrlapr.sys -- (manrlapr)
    DRV - [2011/08/05 20:04:09 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\nenspqnu.sys -- (nenspqnu)
    DRV - [2011/07/31 16:49:10 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\oziwsnwi.sys -- (oziwsnwi)
    DRV - [2011/07/31 14:06:42 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lvmnjtti.sys -- (lvmnjtti)
    DRV - [2011/07/31 14:02:33 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\qijaozui.sys -- (qijaozui)
    IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62586
    [2007/10/12 02:53:53 | 000,007,282 | ---- | C] () -- C:\Windows\datetime.dat
    @Alternate Data Stream - 5264 bytes -> C:\Windows\System32\drivers\oziwsnwi.sys:changelist
    @Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\qijaozui.sys:changelist
    @Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\nenspqnu.sys:changelist
    @Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\manrlapr.sys:changelist
    @Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\lvmnjtti.sys:changelist
    @Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\cujkzemp.sys:changelist
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




3)
Do you know what the file location was for the file that Windows Defender could not remove?




In your next reply
Please post the contents of...
aswMBR log
OTL log
Location of the file that did not want to be removed

  • 0
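As an added example (not part of this thread, of OTL, or of the helper's fix), here is a small Python triage script for the three OTL line types the fix above targets: several identically sized kernel drivers with random eight-letter names claiming a Microsoft company string, a "ProxyServer" value pointing at 127.0.0.1, and alternate data streams attached to those driver files. The sample log is copied from the OTL lines quoted in this thread, with two benign driver lines from the later OTL log added as negative cases; the "random name" heuristic is my own and will miss or over-match other naming schemes, which is why it only reports names that form a group by byte size.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from collections import defaultdict

# Constructed sample: the DRV/IE/ADS lines from the fix in this thread, plus two
# benign drivers (Avira avipbb, Microsoft usb8023) as negative cases.
SAMPLE_LOG = r"""
DRV - [2011/08/06 11:37:29 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cujkzemp.sys -- (cujkzemp)
DRV - [2011/08/05 20:06:04 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\manrlapr.sys -- (manrlapr)
DRV - [2011/08/05 20:04:09 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\nenspqnu.sys -- (nenspqnu)
DRV - [2011/07/31 16:49:10 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\oziwsnwi.sys -- (oziwsnwi)
DRV - [2011/07/31 14:06:42 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lvmnjtti.sys -- (lvmnjtti)
DRV - [2011/07/31 14:02:33 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\qijaozui.sys -- (qijaozui)
DRV - [2011/08/11 03:28:00 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_VISTA)
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3060407301-903124806-1522695691-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62586
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
@Alternate Data Stream - 5264 bytes -> C:\Windows\System32\drivers\oziwsnwi.sys:changelist
@Alternate Data Stream - 4706 bytes -> C:\Windows\System32\drivers\qijaozui.sys:changelist
"""

DRV_RE = re.compile(
    r"^DRV - \[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "ProxyServer" = (?P<spec>\S+)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")  # heuristic: eight lowercase letters, like the six above


def parse_drv(line):
    """Parse one 'DRV -' line into a dict; return None for any other line."""
    m = DRV_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def suspicious_driver_groups(lines, min_group=2):
    """Drivers claiming 'Microsoft Corporation' with random-looking service names,
    grouped by byte size; only sizes shared by at least min_group drivers are kept,
    so a lone legitimate short-named driver does not get reported."""
    by_size = defaultdict(list)
    for line in lines:
        rec = parse_drv(line)
        if rec and rec["company"] == "Microsoft Corporation" and RANDOM_NAME_RE.match(rec["name"]):
            by_size[rec["size"]].append(rec["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_group}


def loopback_proxies(lines):
    """(registry key, ProxyServer value) pairs whose proxy host is loopback: a
    proxy on 127.0.0.1 means a local process sits in the browser's traffic path."""
    hits = []
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for entry in m.group("spec").split(";"):       # "http=host:port;https=host:port"
            host = entry.split("=", 1)[-1].rsplit(":", 1)[0]
            if host == "localhost" or host.startswith("127."):
                hits.append((m.group("key"), m.group("spec")))
                break
    return hits


def streams_on_files(lines, paths):
    """Map each given file path to the (stream name, size) of an ADS attached to it."""
    wanted = {p.lower() for p in paths}
    found = {}
    for line in lines:
        m = ADS_RE.match(line.strip())
        if m and m.group("path").lower() in wanted:
            found[m.group("path")] = (m.group("stream"), int(m.group("bytes")))
    return found


def triage(log_text):
    """Run the three checks over one log and return a single report dict."""
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    groups = suspicious_driver_groups(lines)
    flagged = [p for paths in groups.values() for p in paths]
    return {
        "driver_groups": groups,
        "loopback_proxies": loopback_proxies(lines),
        "streams": streams_on_files(lines, flagged),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for size, paths in report["driver_groups"].items():
        print(f"{len(paths)} random-named 'Microsoft' drivers of {size} bytes:")
        for p in paths:
            print("   ", p, report["streams"].get(p, ""))
    for key, spec in report["loopback_proxies"]:
        print("loopback proxy", spec, "under", key)
```

Run over a full OTL log the same way; every line that is not one of the three formats is simply ignored.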

#5
sgregory59

sgregory59

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
aswMBR report follows - tried to run the OTL custom scans/fixes and after about 5 minutes got the message that "OTL has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-09 22:14:01
-----------------------------
22:14:01.920 OS Version: Windows 6.0.6002 Service Pack 2
22:14:01.920 Number of processors: 4 586 0xF0B
22:14:01.920 ComputerName: MOMSCOMPUTER UserName: sgregory
22:14:06.054 Initialize success
22:14:17.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:14:17.244 Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 3
22:14:17.291 Disk 0 MBR read successfully
22:14:17.291 Disk 0 MBR scan
22:14:17.291 Disk 0 Windows VISTA default MBR code
22:14:17.307 Disk 0 scanning sectors +976768065
22:14:17.463 Disk 0 scanning C:\Windows\system32\drivers
22:14:45.278 Service scanning
22:14:46.838 Modules scanning
22:15:06.104 Disk 0 trace - called modules:
22:15:06.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:15:06.135 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868ac968]
22:15:06.135 3 CLASSPNP.SYS[8a5af8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x847e5030]
22:15:06.135 Scan finished successfully
22:15:42.452 Disk 0 MBR has been saved successfully to "C:\Users\Public\Desktop\MBR.dat"
22:15:42.467 The log file has been saved successfully to "C:\Users\Public\Desktop\Aug9aswMBR.txt"


Windows Defender listed this under resources:
C:\Windows\System32\Tasks\fd2365a8
C:\Windows\System32\Tasks\fc815c34
C:\Windows\System32\Tasks\f00154b4
C:\Windows\System32\Tasks\d6931834
C:\Windows\System32\Tasks\d559d74
C:\Windows\System32\Tasks\d4c8c564
C:\Windows\System32\Tasks\c0f45ff4
C:\Windows\System32\Tasks\bb46c534
C:\Windows\System32\Tasks\b4f55db4
C:\Windows\System32\Tasks\8c2810f4
C:\Windows\System32\Tasks\71d811eb4
C:\Windows\System32\Tasks\79129474
C:\Windows\System32\Tasks\72c75eb4
C:\Windows\System32\Tasks\4aaac574
C:\Windows\System32\Tasks\45b69fb4
C:\Windows\System32\Tasks\2cacf290
C:\Windows\System32\Tasks\270b5f34
C:\Windows\System32\Tasks\12967334
C:\Users\sgregory\AppData\Local\Temp\setup928940788.exe
C:\Users\sgregory\AppData\Local\Temp\setup6036340.exe
C:\Users\sgregory\AppData\Local\Temp\setup517148532.exe
C:\Users\sgregory\AppData\Local\Temp\setup4186899344.exe
C:\Users\sgregory\AppData\Local\Temp\setup4077912848.exe
C:\Users\sgregory\AppData\Local\Temp\setup3786463988.exe
C:\Users\sgregory\AppData\Local\Temp\setup3561435432.exe
C:\Users\sgregory\AppData\Local\Temp\setup3293881972.exe
C:\Users\sgregory\AppData\Local\Temp\setup3134016180.exe
C:\Users\sgregory\AppData\Local\Temp\setup3046779060.exe
C:\Users\sgregory\AppData\Local\Temp\setup2497644212.exe
C:\Users\sgregory\AppData\Local\Temp\setup2467607604.exe
C:\Users\sgregory\AppData\Local\Temp\setup2073680820.exe
C:\Users\sgregory\AppData\Local\Temp\setup1978417396.exe
C:\Users\sgregory\AppData\Local\Temp\setup1933659188.exe
C:\Users\sgregory\AppData\Local\Temp\setup1338041588.exe
C:\Users\sgregory\AppData\Local\Temp\setup1064534004.exe
C:\Windows\System 32\Tasks\fd2365a8
C:\Windows\System 32\Tasks\fc815c34
C:\Windows\System 32\Tasks\d6931834
C:\Windows\System 32\Tasks\d559d74
C:\Windows\System 32\Tasks\d4c8c5b4
C:\Windows\System 32\Tasks\c0f45ff4
C:\Windows\System 32\Tasks\bb46c535
C:\Windows\System 32\Tasks\b4f55db4
C:\Windows\System 32\Tasks\8a2810f4
C:\Windows\System 32\Tasks\7d811eb4
C:\Windows\System 32\Tasks\79129474
C:\Windows\System 32\Tasks\72c75eb4
C:\Windows\System 32\Tasks\4aaac574
C:\Windows\System 32\Tasks\45b69fb4
C:\Windows\System 32\Tasks\2cacf390
C:\Windows\System 32\Tasks\270b5f34
C:\Windows\System 32\Tasks\129b7334

I hope this helps - Windows Defender wouldn't let me copy/paste this, so I had to type it in by hand. If something doesn't look right & you want me to double check this, please let me know :)
  • 0

#6
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs and your time in getting the Windows Defender information.

Could you do a couple of scans for me please, one with OTL and one with MBAM :)

The OTL log will show me if those infections which were in the fix are still present and provide me with details on the ones Windows Defender was reporting.



1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Copy and Paste the following into the Custom Scans/Fixes box at the bottom.

    C:\Windows\System32\Tasks\*.* /s
    C:\Users\sgregory\AppData\Local\Temp\*.exe
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




In your next reply
Please post the contents of...
OTL log
MBAM log

  • 0

#7
sgregory59

sgregory59

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL logfile created on: 8/12/2011 7:45:55 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sgregory\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 44.06% Memory free
6.19 Gb Paging File | 4.47 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 413.49 Gb Free Space | 92.36% Space Free | Partition Type: NTFS

Computer Name: MOMSCOMPUTER | User Name: sgregory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 03:28:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/07 14:53:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\sgregory\Downloads\OTL.exe
PRC - [2011/06/24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/06/23 13:40:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/30 22:00:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/23 14:14:22 | 003,016,048 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
PRC - [2011/01/25 18:13:16 | 001,678,704 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
PRC - [2011/01/25 18:10:34 | 013,320,560 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
PRC - [2011/01/25 18:09:44 | 006,665,072 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
PRC - [2011/01/25 18:09:20 | 005,893,488 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/01 18:38:16 | 000,038,400 | R--- | M] () -- C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
PRC - [2007/08/01 03:55:44 | 000,129,552 | ---- | M] () -- C:\Program Files\Lenovo\MultiRecover\multitray.exe
PRC - [2007/06/27 08:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007/06/27 08:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007/06/27 08:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007/06/27 08:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007/06/27 08:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007/06/27 08:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007/06/27 08:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/06/27 08:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007/06/12 16:50:30 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/12 16:50:28 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/29 09:25:56 | 000,067,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
PRC - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/09/01 07:12:58 | 000,074,240 | ---- | M] () -- C:\Program Files\Lenovo\file32\hotkey.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 14:53:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\sgregory\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FreeAgentGoNext Service)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2011/08/11 03:28:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/30 22:00:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/23 13:06:30 | 000,092,048 | ---- | M] (Lenovo Software (Beijing) Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\PowerDial\LitModeCtrl.exe -- (LitModeCtrl)
SRV - [2007/06/27 08:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 08:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 08:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 08:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 08:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 08:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 08:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 08:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/06/12 16:50:30 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/29 09:25:56 | 000,067,088 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe -- (OKAV Agent Service)
SRV - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/11 03:28:00 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/11 03:28:00 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/14 23:32:54 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2011/01/25 18:14:16 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011/01/25 18:14:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2011/01/25 18:13:52 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/31 13:23:14 | 000,014,680 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\safnt.sys -- (safnt)
DRV - [2009/07/14 21:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_VISTA)
DRV - [2008/03/13 21:00:22 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2007/10/12 01:35:39 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/06/27 08:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/05/11 06:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/05/10 07:43:24 | 000,024,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ntdisk.sys -- (ntdisk)
DRV - [2007/04/17 18:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/18 18:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com.cn/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iobit.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://centurytel.myway.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2c088200-b973-11db-8314-0800200c9a66}:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20110608
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/23 07:47:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 13:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 16:40:41 | 000,000,000 | ---D | M]

[2008/11/23 20:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sgregory\AppData\Roaming\mozilla\Extensions
[2011/08/09 20:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions
[2010/05/30 18:51:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 17:33:25 | 000,000,000 | ---D | M] (Harley Davidson) -- C:\Users\sgregory\AppData\Roaming\mozilla\Firefox\Profiles\7gds8ms8.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/02 17:44:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/06 16:33:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/08/21 23:33:10 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/07/15 17:23:58 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
() (No name found) -- C:\USERS\SGREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7GDS8MS8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SGREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7GDS8MS8.DEFAULT\EXTENSIONS\[email protected]
[2011/06/23 13:40:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/06 16:33:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/06/18 16:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/09 21:33:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSCMig] File not found
O4 - HKLM..\Run: [ISUSPM] File not found
O4 - HKLM..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] File not found
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\PowerDial\LitModeSwitch.exe (Lenovo Software (Beijing) Limited)
O4 - HKLM..\Run: [multitray] C:\Program Files\Lenovo\MultiRecover\loadtray.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] File not found
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img9.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (D:\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (D:\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 03:05:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011/08/09 21:33:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/07 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\sgregory\Documents\SMART Notebook
[2011/08/07 16:55:41 | 000,000,000 | ---D | C] -- C:\Users\sgregory\Documents\My Scans
[2011/07/24 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\sgregory\AppData\Roaming\Windows Live Writer
[2011/07/24 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\sgregory\AppData\Local\Windows Live Writer
[2011/07/15 17:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/07/15 17:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/12 19:42:16 | 000,002,627 | ---- | M] () -- C:\Users\sgregory\Desktop\Microsoft Office Word 2007.lnk
[2011/08/12 19:23:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 19:23:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 19:14:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/12 18:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for sgregory.job
[2011/08/12 16:14:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/11 03:28:00 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/11 03:28:00 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/10 03:28:19 | 000,371,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/10 03:28:19 | 000,126,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/10 03:23:59 | 000,000,162 | ---- | M] () -- C:\okav_win.cfg
[2011/08/10 03:23:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/10 03:05:27 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/08/09 22:15:42 | 000,000,512 | ---- | M] () -- C:\Users\Public\Desktop\MBR.dat
[2011/08/09 22:10:08 | 000,000,512 | ---- | M] () -- C:\Users\sgregory\Documents\MBR.dat
[2011/08/09 21:33:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/07 17:09:38 | 000,095,149 | ---- | M] () -- C:\Users\sgregory\Documents\banana 2.jpg
[2011/08/07 16:55:38 | 000,851,814 | ---- | M] () -- C:\Users\sgregory\Documents\Bananas 1.jpg
[2011/08/05 20:42:26 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/05 18:02:09 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011/07/24 12:42:51 | 000,002,136 | ---- | M] () -- C:\Users\sgregory\AppData\Roaming\F44C.35A
[2011/07/17 03:19:21 | 000,000,943 | ---- | M] () -- C:\Users\sgregory\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/16 17:51:29 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/07/16 17:51:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/07/16 17:51:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/07/14 03:20:07 | 000,389,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 03:05:27 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/08/09 22:12:25 | 000,000,512 | ---- | C] () -- C:\Users\sgregory\Documents\MBR.dat
[2011/08/08 19:14:23 | 000,000,512 | ---- | C] () -- C:\Users\Public\Desktop\MBR.dat
[2011/08/07 17:09:40 | 000,095,149 | ---- | C] () -- C:\Users\sgregory\Documents\banana 2.jpg
[2011/08/07 16:55:41 | 000,851,814 | ---- | C] () -- C:\Users\sgregory\Documents\Bananas 1.jpg
[2011/08/05 20:42:26 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/24 12:39:26 | 000,002,136 | ---- | C] () -- C:\Users\sgregory\AppData\Roaming\F44C.35A
[2011/07/16 17:51:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/28 17:42:49 | 000,024,206 | ---- | C] () -- C:\Users\sgregory\AppData\Roaming\UserTile.png
[2009/12/01 04:01:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/30 21:22:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 21:22:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/18 19:55:46 | 000,116,840 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/12/13 23:54:23 | 000,004,690 | ---- | C] () -- C:\Windows\xnview.ini
[2008/08/08 14:34:42 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008/08/08 11:32:10 | 000,090,668 | ---- | C] () -- C:\Windows\System32\vobis32.dll
[2008/08/02 17:46:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/08/02 17:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/18 18:28:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2008/03/13 09:03:26 | 000,000,552 | ---- | C] () -- C:\Users\sgregory\AppData\Local\d3d8caps.dat
[2008/03/08 09:43:33 | 000,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2008/03/08 09:43:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2008/03/04 21:34:38 | 000,146,989 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/03/04 21:34:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/02/29 19:14:17 | 000,147,110 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/02/29 19:14:16 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/02/28 20:47:41 | 000,001,212 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/28 20:47:21 | 000,065,536 | ---- | C] () -- C:\Users\sgregory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/12 01:43:53 | 000,024,856 | ---- | C] () -- C:\Windows\System32\drivers\ntdisk.sys
[2007/10/12 01:43:53 | 000,014,680 | ---- | C] () -- C:\Windows\System32\drivers\safnt.sys
[2007/07/18 02:15:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/07/05 05:58:31 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/05 05:58:31 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/26 03:35:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,389,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,371,792 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,126,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 08:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/11/29 14:59:06 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\AVG10
[2010/03/10 07:28:43 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/14 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\gtk-2.0
[2008/03/04 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\InterTrust
[2010/10/19 14:26:00 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\InterVideo
[2011/06/21 16:09:34 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\IObit
[2010/12/25 20:55:02 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\Leadertech
[2010/01/01 20:15:08 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\MightyPlay
[2011/06/23 11:43:08 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\SMART Technologies
[2011/06/22 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\SMART Technologies Inc
[2011/07/24 14:19:00 | 000,000,000 | ---D | M] -- C:\Users\sgregory\AppData\Roaming\Windows Live Writer
[2011/08/10 03:21:42 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/05 18:02:09 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< C:\Windows\System32\Tasks\*.* /s >
[2011/06/21 16:10:14 | 000,003,086 | ---- | M] () -- C:\Windows\System32\Tasks\ASC4_PerformanceMonitor
[2011/08/05 16:09:31 | 000,003,634 | ---- | M] () -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
[2011/08/05 16:09:32 | 000,003,886 | ---- | M] () -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
[2009/03/22 18:00:00 | 000,003,406 | ---- | M] () -- C:\Windows\System32\Tasks\Norton Security Scan for sgregory
[2010/10/18 18:01:55 | 000,003,202 | ---- | M] () -- C:\Windows\System32\Tasks\SmartDefrag
[2011/08/12 05:48:25 | 000,003,714 | ---- | M] () -- C:\Windows\System32\Tasks\User_Feed_Synchronization-{5EADDC29-36EE-4D5A-A344-2CAA1D33C206}
[2008/03/07 21:56:00 | 000,003,002 | ---- | M] () -- C:\Windows\System32\Tasks\{2A06B057-7FDA-4757-8EAA-491B3B323895}
[2008/03/06 21:45:56 | 000,002,962 | ---- | M] () -- C:\Windows\System32\Tasks\{34591F57-9235-41CD-B27B-36BA63770766}
[2009/10/31 13:00:37 | 000,003,186 | ---- | M] () -- C:\Windows\System32\Tasks\{957FB620-5D04-46BB-98A7-51A58E344619}
[2011/08/10 03:26:51 | 000,003,504 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
[2011/08/10 03:26:52 | 000,003,510 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update
[2011/01/09 18:18:42 | 000,004,158 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
[2009/11/30 12:56:54 | 000,004,600 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/11/30 12:56:54 | 000,003,880 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2006/11/02 07:53:58 | 000,001,656 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2006/11/02 07:50:53 | 000,003,044 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2006/11/02 07:50:53 | 000,003,030 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2006/11/02 07:50:53 | 000,003,738 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2006/11/02 07:56:55 | 000,002,800 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2006/11/02 07:56:23 | 000,002,752 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
[2009/08/23 17:08:08 | 000,002,572 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag
[2006/11/02 07:55:52 | 000,003,684 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/11/30 12:56:55 | 000,002,380 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2006/11/02 07:55:52 | 000,001,968 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit
[2011/08/12 08:09:39 | 000,003,974 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate
[2006/11/02 07:55:52 | 000,001,984 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate
[2006/11/02 07:55:52 | 000,001,988 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
[2006/11/02 07:55:52 | 000,002,312 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath
[2006/11/02 07:56:03 | 000,003,170 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\HotStart
[2006/11/02 07:56:36 | 000,003,294 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\TMM
[2008/02/28 19:19:15 | 000,003,738 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove
[2006/11/02 07:53:27 | 000,002,468 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009/11/30 12:56:54 | 000,004,342 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
[2006/11/02 07:53:10 | 000,003,854 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries
[2006/11/02 07:53:57 | 000,003,194 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RACAgent
[2006/11/02 07:56:46 | 000,004,462 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2006/11/02 07:55:32 | 000,002,308 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
[2006/11/02 07:55:47 | 000,003,446 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\AutoWake
[2006/11/02 07:55:47 | 000,003,258 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager
[2007/10/12 00:56:22 | 000,003,478 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent
[2007/10/12 00:56:37 | 000,003,564 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
[2006/11/02 07:56:03 | 000,003,384 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR
[2011/06/22 22:33:48 | 000,002,972 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization
[2006/11/02 07:52:49 | 000,003,576 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2006/11/02 07:52:50 | 000,003,692 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009/12/01 08:42:52 | 000,003,160 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\WSHReset
[2006/11/02 07:53:23 | 000,002,844 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2006/11/02 07:50:06 | 000,001,596 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2006/11/02 07:50:00 | 000,002,548 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\WDI\ResolutionHost
[2006/11/02 07:50:00 | 000,003,068 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2006/11/02 07:50:03 | 000,001,834 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo
[2006/11/02 07:56:51 | 000,001,846 | ---- | M] () -- C:\Windows\System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo
[2009/12/02 04:22:48 | 000,004,164 | ---- | M] () -- C:\Windows\System32\Tasks\WPD\SqmUpload_S-1-5-21-3060407301-903124806-1522695691-1005

< C:\Users\sgregory\AppData\Local\Temp\*.exe >
[2010/10/21 20:04:04 | 002,822,144 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\sgregory\AppData\Local\Temp\InstallAX.exe
[2011/01/09 18:00:04 | 000,469,256 | ---- | M] (Microsoft Corporation) -- C:\Users\sgregory\AppData\Local\Temp\MSN9B5F.exe
[378 C:\Users\sgregory\AppData\Local\Temp\*.tmp files -> C:\Users\sgregory\AppData\Local\Temp\*.tmp -> ]

< End of report >

MBAM report follows - it gave me the message that not all the infected files could be removed and to click on the one that still exists and remove it manually. I did not do this - wanted your input first.

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-09 22:14:01
-----------------------------
22:14:01.920 OS Version: Windows 6.0.6002 Service Pack 2
22:14:01.920 Number of processors: 4 586 0xF0B
22:14:01.920 ComputerName: MOMSCOMPUTER UserName: sgregory
22:14:06.054 Initialize success
22:14:17.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:14:17.244 Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 3
22:14:17.291 Disk 0 MBR read successfully
22:14:17.291 Disk 0 MBR scan
22:14:17.291 Disk 0 Windows VISTA default MBR code
22:14:17.307 Disk 0 scanning sectors +976768065
22:14:17.463 Disk 0 scanning C:\Windows\system32\drivers
22:14:45.278 Service scanning
22:14:46.838 Modules scanning
22:15:06.104 Disk 0 trace - called modules:
22:15:06.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:15:06.135 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868ac968]
22:15:06.135 3 CLASSPNP.SYS[8a5af8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x847e5030]
22:15:06.135 Scan finished successfully
22:15:42.452 Disk 0 MBR has been saved successfully to "C:\Users\Public\Desktop\MBR.dat"
22:15:42.467 The log file has been saved successfully to "C:\Users\Public\Desktop\Aug9aswMBR.txt"


Also getting 2 boxes from Spybot that say "Spybot has discovered an important registry that has been changed. Category: System startup global entry
Changes: Value deleted
Entry: MRT
old data: "C:\Windows\system32\MRT.exe"/R

"Spybot has discovered an important registry that has been changed. Category: System startup global entry
Category: Browser Helper Object
Change: Value deleted
Entry:0BDA0659-FD72-49F4-9266-E1FB004F4D8F

It will not allow me to deny the changes which makes me think it is connected to the Trojan.

#8
BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
Hey,

I wouldn't worry much about those Spybot registry changes. The MRT.exe is just Microsoft's Malicious Software Removal Tool and the other is unknown, but has been removed, so it shouldn't affect things. :)

You've posted the aswMBR log instead of the MBAM log. Could you open up MBAM and copy and paste the log, please? Here's how to find it again...


  • Open MBAM and click the Logs tab at the top
  • They should be in Date/Time order, please choose the log from the previous run whereby those infections were removed, then click Open.
  • Copy and Paste the log into your next reply


#9
sgregory59 (Topic Starter, New Member, 7 posts)
Sorry about that - I'm a newbie so you have to type slowly so I get it.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7452

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/12/2011 7:59:52 PM
mbam-log-2011-08-12 (19-59-52).txt

Scan type: Quick scan
Objects scanned: 180804
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Value: {B7D3E479-CC68-42B5-A338-938ECE35F419} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Value: {B7D3E479-CC68-42B5-A338-938ECE35F419} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
c:\program files\iobit toolbar\IE\4.5\iobittoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\sgregory\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\sgregory\AppData\Roaming\Adobe\plugs\mmc4.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Thanks for being patient with me and for all the help!

#10
BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
No problem :)


MBAM report follows - it gave me the message that not all the infected files could be removed and to click on the one that still exists and remove it manually. I did not do this - wanted your input first.

MBAM will usually automatically remove any remaining threats when it next reboots. We'll do another Quick Scan to see if any do still remain.

After MBAM, we'll do a scan with ComboFix, to see if any leftovers are still lurking :unsure:




1)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




2)
Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.




In your next reply
Please post the contents of...
MBAM log
ComboFix log


#11 sgregory59 (New Member, Topic Starter, 7 posts)
Okay, finally got around to doing this. (I teach 4th grade and today was the first day of school - wheeeeew!)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7474

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/15/2011 7:00:26 PM
mbam-log-2011-08-15 (19-00-26).txt

Scan type: Quick scan
Objects scanned: 181047
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 11-08-15.08 - sgregory 08/15/2011 19:12:18.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3054.1245 [GMT -5:00]
Running from: c:\users\sgregory\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sgregory\AppData\Roaming\Adobe\plugs
c:\users\sgregory\AppData\Roaming\Adobe\shed
c:\windows\iun6002.exe
c:\windows\s.bat
c:\windows\system32\AutoRun.inf
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 00:06 . 2011-08-16 00:06 -------- d-----w- c:\programdata\IObit
2011-08-13 00:54 . 2011-08-13 00:54 -------- d-----w- c:\users\sgregory\AppData\Roaming\Malwarebytes
2011-08-13 00:53 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 00:53 . 2011-08-13 00:53 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 00:53 . 2011-08-13 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 00:53 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 07:00 . 2011-07-20 14:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{930E91FA-E4C3-421E-80A9-9214B1CF4641}\mpengine.dll
2011-08-10 04:34 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 04:34 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 04:34 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 04:33 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 04:33 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 04:33 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 02:33 . 2011-08-10 02:33 -------- d-----w- C:\_OTL
2011-07-24 19:19 . 2011-07-24 19:19 -------- d-----w- c:\users\sgregory\AppData\Roaming\Windows Live Writer
2011-07-24 19:19 . 2011-07-24 19:19 -------- d-----w- c:\users\sgregory\AppData\Local\Windows Live Writer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 08:28 . 2011-01-10 19:54 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-11 08:28 . 2011-01-10 19:54 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-16 22:51 . 2011-07-16 22:51 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-16 22:51 . 2011-07-16 22:51 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-07-16 22:51 . 2011-07-16 22:51 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-07-16 22:51 . 2011-07-16 22:51 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-07-16 22:51 . 2011-07-16 22:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-07-16 22:51 . 2011-07-16 22:51 161792 ----a-w- c:\windows\system32\msls31.dll
2011-07-16 22:51 . 2011-07-16 22:51 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-07-16 22:51 . 2011-07-16 22:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-07-16 22:51 . 2011-07-16 22:51 367104 ----a-w- c:\windows\system32\html.iec
2011-07-16 22:51 . 2011-07-16 22:51 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-16 22:51 . 2011-07-16 22:51 152064 ----a-w- c:\windows\system32\wextract.exe
2011-07-16 22:51 . 2011-07-16 22:51 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-07-16 22:51 . 2011-07-16 22:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-16 22:51 . 2011-07-16 22:51 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-16 22:51 . 2011-07-16 22:51 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-07-16 22:51 . 2011-07-16 22:51 11776 ----a-w- c:\windows\system32\mshta.exe
2011-07-16 22:51 . 2011-07-16 22:51 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-07-16 22:51 . 2011-07-16 22:51 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-26 01:05 . 2011-06-26 01:05 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-16 13:04 . 2011-06-16 13:04 81592 ----a-w- c:\windows\system32\NicInE6.dll
2011-06-15 04:32 . 2011-06-15 04:32 231112 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2011-06-02 13:34 . 2011-07-13 17:26 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 00:14 . 2009-10-03 06:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-23 18:40 . 2011-06-18 21:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovokey"="c:\program files\Lenovo\file32\hotkey.exe" [2006-09-01 74240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"ModeSwitch"="c:\program files\Lenovo\PowerDial\LitModeSwitch.exe" [2007-08-02 177448]
"multitray"="c:\program files\Lenovo\MultiRecover\loadtray.exe" [2007-06-29 31248]
"Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-18 141848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-25 5893488]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-25 1678704]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2011-1-25 13320560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\avgchsvx.exe /sync\0D:\avgrsx.exe /sync /restart
.
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 16:03]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 16:03]
.
2011-08-05 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-23 23:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.iobit.com
mWindow Title = Microsoft Internet Explorer provided by CenturyTel
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\sgregory\AppData\Roaming\Mozilla\Firefox\Profiles\7gds8ms8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://centurytel.myway.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - d:\toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - d:\toolbar\IEToolbar.dll
HKLM-Run-IMSCMig - e:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE
HKLM-Run-ISUSPM - e:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-WPCUMI - e:\windows\system32\WpcUmi.exe
HKLM-Run-AVG_TRAY - D:\avgtray.exe
HKLM-Run-MaxMenuMgr - d:\freeagent status\StxMenuMgr.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel MediaOne\Corel PhotoDownloader.exe
AddRemove-3D Pinball Express - c:\program files\Cosmi\3D Pinball Express\DeIsL1.isu
AddRemove-Super Huey III - c:\program files\Cosmi\Super Huey III\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 19:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3060407301-903124806-1522695691-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3060407301-903124806-1522695691-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
Completion time: 2011-08-15 19:20:29
ComboFix-quarantined-files.txt 2011-08-16 00:20
.
Pre-Run: 443,720,044,544 bytes free
Post-Run: 443,720,159,232 bytes free
.
- - End Of File - - BF89489FDA6F64161FEAB34912F9CDD0
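The part of the ComboFix log above that a helper reads first is the autostart section: the Run keys, the BootExecute value under Session Manager, and the entries ComboFix listed under ORPHANS REMOVED. As an added example that is not part of this thread and not ComboFix's own code, the following Python script parses those three line shapes from a constructed excerpt copied from the log and flags two things: launch paths on a drive other than the system drive (the pattern behind the d:\ and e:\ orphans above) and BootExecute values beyond the default autocheck entry. Both heuristics, the function names and the flag reasons are my own assumptions for illustration; a flagged entry is something to look at, not a verdict.

```python
r"""Triage the autostart section of a ComboFix log.

Added example for this thread; not ComboFix code and not from the posts.
Line shapes handled (as ComboFix prints them):
  "Name"="c:\path\prog.exe" [date size]   under a [HKEY_...\Run] header
  BootExecute REG_MULTI_SZ a\0b\0c        literal \0 separates the values
  HKLM-Run-Name - d:\path\prog.exe        in the ORPHANS REMOVED list
The two heuristics in triage() are assumptions made for illustration.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the ComboFix log posted above,
# trimmed to the entries needed to exercise the parser.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\avgchsvx.exe /sync\0D:\avgrsx.exe /sync /restart
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-AVG_TRAY - D:\avgtray.exe
HKLM-Run-WPCUMI - e:\windows\system32\WpcUmi.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel MediaOne\Corel PhotoDownloader.exe
"""

KEY_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)"')
BOOT_EXEC = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(?P<values>.+)$")
ORPHAN = re.compile(r"^(?P<key>HK[A-Z]+-Run)-(?P<name>.+?) - (?P<cmd>.+)$")
DRIVE = re.compile(r"^(?P<drive>[A-Za-z]):\\")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"  # the stock Windows value


@dataclass(frozen=True)
class Finding:
    source: str  # registry key, "BootExecute", or "orphan <key>"
    name: str    # value name as printed in the log
    cmd: str     # command line as printed in the log
    reason: str  # why it was flagged (heuristic, not a verdict)


def drive_of(cmd):
    """Return the lower-case drive letter a command launches from, or None."""
    m = DRIVE.match(cmd)
    return m.group("drive").lower() if m else None


def parse_autostarts(log_text):
    """Yield (source, name, cmd) for each autostart entry found in log_text."""
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_HEADER.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = BOOT_EXEC.match(line)
        if m:
            # ComboFix joins REG_MULTI_SZ values with a literal "\0".
            for value in m.group("values").split(r"\0"):
                yield ("BootExecute", "BootExecute", value.strip())
            continue
        m = ORPHAN.match(line)
        if m:
            yield ("orphan " + m.group("key"), m.group("name"), m.group("cmd"))
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key:
            yield (current_key, m.group("name"), m.group("cmd"))


def triage(log_text, system_drive="c"):
    """Return the entries a helper would look at first (assumed heuristics)."""
    findings = []
    for source, name, cmd in parse_autostarts(log_text):
        if source == "BootExecute":
            if cmd.lower() != DEFAULT_BOOTEXECUTE:
                findings.append(Finding(source, name, cmd,
                                        "BootExecute value beyond the default autocheck entry"))
            continue
        drive = drive_of(cmd)
        if drive is not None and drive != system_drive.lower():
            findings.append(Finding(source, name, cmd,
                                    "launches from drive %s: instead of the system drive" % drive))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print("[%s] %s: %s  <- %s" % (f.source, f.name, f.cmd, f.reason))


if __name__ == "__main__":
    main()
```

On the excerpt this prints the two BootExecute entries pointing at D: and the two orphaned Run values on D: and E:, while every C: entry passes. To use it on a full log, read C:\ComboFix.txt into a string and pass it to triage(); the ORPHANS REMOVED lines for BHO and Toolbar entries are not parsed here, only the HKLM-Run ones.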

#12 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
No problem, hope the new school term goes well :)


Your logs are looking good now. Could you try running a scan with Windows Defender and let me know whether it is still detecting any threats, or whether it is now all clear.

#13 sgregory59 (New Member, Topic Starter, 7 posts)
Windows Defender says my computer is running normally and no harmful software is detected - Yeah!!!!!
You have been so much help and thank you seems so inadequate. I felt violated that someone had invaded my privacy and powerless to defend myself. BlackOxide - you are my knight in shining armor! I'm buying you a cup of coffee via PayPal. My British grandmother is rolling over in her grave - it should be "a spot of tea" - how remiss of me! Thank you, thank you, thank you!

#14 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
:unsure:

You're welcome, I'm glad I could be of assistance :)

I'll post my cleanup steps below, which will guide you through removing the tools we have used. If you have any other queries, just let me know.




Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected

Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR from the Desktop (if present)

2)
Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

5)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :yes:
BlackOxide


#15 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





