
stubborn trojandownloader:win32/tracur.y and tracur.b virus

This topic is locked

#1 shmalligator (Member, 31 posts)
Hi guys! I have been running Malwarebytes and Microsoft Security Essentials and they've been catching both of these (trojandownloader:win32/tracur.y and trojandownloader:win32/tracur.b). Sometimes it says that it's fixed the problem and sometimes it says that they can't be removed. I've run Spybot Search and Destroy as well, but it seems every time I reboot it's coming back. It is doing Google redirects, my computer is taking a while to load things it would normally load quickly, things of that nature. It doesn't seem particularly detrimental, but I've read that this virus leaves you vulnerable to other viruses, so I'd like to get rid of it ASAP. Unfortunately, I have no idea how it was acquired. In case it's relevant, websites I frequent are Facebook, Twitter, Cracked, and Tumblr. Please help!

I should add that I'm not good with computers, so I'll need some patience. Sorry!

Edit: I just downloaded OTL; here is my log.

OTL logfile created on: 8/17/2011 9:41:59 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\DELL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 328.40 Mb Available Physical Memory | 32.38% Memory free
2.39 Gb Paging File | 1.79 Gb Available in Paging File | 75.05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 16.45 Gb Free Space | 44.16% Space Free | Partition Type: NTFS

Computer Name: GX520 | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 21:41:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\desktop\OTL.exe
PRC - [2011/08/09 12:27:52 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/21 18:14:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/28 21:14:52 | 017,529,856 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EADMUI.exe
PRC - [2011/04/28 21:08:16 | 000,095,024 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EACoreServer.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/07/09 19:08:04 | 002,712,920 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/09 12:27:52 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/07/28 20:28:53 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2011/07/05 16:10:09 | 006,271,648 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/21 18:14:47 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/05/28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/04/26 20:37:22 | 000,327,680 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\phonon4.dll
MOD - [2011/04/26 20:37:12 | 000,413,184 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtXml4.dll
MOD - [2011/04/26 20:36:58 | 015,724,544 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtWebKit4.dll
MOD - [2011/04/26 20:36:40 | 001,092,096 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtNetwork4.dll
MOD - [2011/04/26 20:36:30 | 009,433,600 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtGui4.dll
MOD - [2011/04/26 20:34:58 | 002,686,464 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtCore4.dll
MOD - [2009/01/12 19:56:14 | 000,071,504 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\taskdll.dll
MOD - [2009/01/12 19:56:00 | 000,059,216 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\NtfsData.dll
MOD - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2008/06/13 15:17:30 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
MOD - [2007/09/14 10:27:14 | 000,024,576 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll
MOD - [2006/12/15 11:30:38 | 000,966,765 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/16 16:25:50 | 001,208,832 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\drmv2clt32.exe -- (stisvc32) Windows Image Acquisition (WIA)
SRV - [2011/07/28 20:28:53 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/08 15:10:00 | 004,051,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - [2011/08/17 21:23:30 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F394D18-6F04-4B5D-954D-5CE92962EB80}\MpKslc1e4af7e.sys -- (MpKslc1e4af7e)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/12/28 16:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6
FF - prefs.js..extensions.enabledItems: {422707e2-3d0c-4056-be3d-4a4dc25eac15}:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 18:14:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 18:14:52 | 000,000,000 | ---D | M]

[2010/11/26 18:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Extensions
[2011/08/17 21:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions
[2011/08/16 16:26:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{422707e2-3d0c-4056-be3d-4a4dc25eac15}
[2011/07/04 08:51:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/03 10:56:32 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\searchplugins\conduit.xml
[2011/05/23 11:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/14 22:47:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/01/18 20:54:58 | 000,425,925 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14674 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartDefrag] C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1290810829234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DELL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DELL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/14 19:13:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 21:41:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DELL\Desktop\OTL.exe
[2011/08/10 12:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/08/10 11:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/08/09 12:58:31 | 004,051,248 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2011/08/09 12:58:08 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2011/08/09 12:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/08/09 12:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Start Menu\Programs\GamesCampus
[2011/08/09 12:46:18 | 000,000,000 | ---D | C] -- C:\GamesCampus
[2011/08/09 12:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Local Settings\Application Data\PMB Files
[2011/08/09 12:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/08/09 12:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/08/04 19:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/04 19:23:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\DELL\Desktop\*.tmp files -> C:\Documents and Settings\DELL\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 21:41:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\Desktop\OTL.exe
[2011/08/17 21:16:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/17 21:12:49 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/08/17 21:11:27 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/17 21:11:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\1785716294
[2011/08/17 21:11:14 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/17 21:10:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/17 10:06:16 | 000,000,097 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/08/10 12:20:54 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/10 11:58:01 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/09 12:49:00 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\DELL\Desktop\ShotOnline.lnk
[2011/08/09 12:42:08 | 770,401,959 | ---- | M] () -- C:\Documents and Settings\DELL\Desktop\ShotOnlineClient_ENG_COM_0615.exe
[2011/08/04 19:23:49 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/03 14:22:20 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 10:39:33 | 000,505,744 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\fight.gif
[2011/07/31 10:24:54 | 000,351,583 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\nooo.gif
[2011/07/25 10:34:59 | 000,492,395 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\beauty.gif
[2011/07/24 19:47:35 | 000,081,708 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\starkid!.jpg
[2011/07/23 10:51:56 | 000,218,592 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\The Coolest Girl (AVPS) Sheet Music - Vocal Score (Project Enastron).pdf
[2011/07/23 10:25:12 | 000,267,487 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\haha.gif
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\DELL\Desktop\*.tmp files -> C:\Documents and Settings\DELL\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 10:06:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/16 16:26:06 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\1785716294
[2011/08/10 12:25:46 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/10 11:59:02 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/10 11:58:01 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/09 12:58:07 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2011/08/09 12:49:00 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\DELL\Desktop\ShotOnline.lnk
[2011/08/09 12:28:21 | 770,401,959 | ---- | C] () -- C:\Documents and Settings\DELL\Desktop\ShotOnlineClient_ENG_COM_0615.exe
[2011/08/04 19:23:49 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/31 10:39:33 | 000,505,744 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\fight.gif
[2011/07/31 10:24:53 | 000,351,583 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\nooo.gif
[2011/07/25 10:34:58 | 000,492,395 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\beauty.gif
[2011/07/24 19:47:34 | 000,081,708 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\starkid!.jpg
[2011/07/23 10:51:55 | 000,218,592 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\The Coolest Girl (AVPS) Sheet Music - Vocal Score (Project Enastron).pdf
[2011/07/23 10:25:10 | 000,267,487 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\haha.gif
[2011/05/08 16:17:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/05/07 15:39:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/03/06 23:49:02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/17 14:52:40 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\DELL\Application Data\uid_pal
[2010/11/26 18:33:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/26 18:27:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/26 13:48:39 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\DELL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 23:40:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/14 19:26:38 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/06/14 19:15:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/14 19:09:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/14 15:02:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/14 15:01:43 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/02 11:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/05/08 12:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/26 15:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/12/25 12:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/12/21 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/05/08 16:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/09 12:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/08/17 21:11:14 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/08/17 21:12:49 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
[2011/08/17 21:16:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

Here is the report that was marked Extras.txt.

OTL Extras logfile created on: 8/17/2011 9:41:59 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\DELL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 328.40 Mb Available Physical Memory | 32.38% Memory free
2.39 Gb Paging File | 1.79 Gb Available in Paging File | 75.05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 16.45 Gb Free Space | 44.16% Space Free | Partition Type: NTFS

Computer Name: GX520 | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57525:TCP" = 57525:TCP:*:Enabled:Pando Media Booster
"57525:UDP" = 57525:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57525:TCP" = 57525:TCP:*:Enabled:Pando Media Booster
"57525:UDP" = 57525:UDP:*:Enabled:Pando Media Booster
"1077:TCP" = 1077:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F248ADFA-64E0-4B03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Akamai" = Akamai NetSession Interface
"EADM" = EA Download Manager
"Game Booster_is1" = Game Booster
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"ShotOnline" = ShotOnline
"Smart Defrag_is1" = Smart Defrag
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2011 12:12:29 PM | Computer Name = GX520 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/10/2011 12:12:34 PM | Computer Name = GX520 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/10/2011 12:12:35 PM | Computer Name = GX520 | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF05 Description:Can't complete the Setup Wizard. One
or more command line arguments are invalid. Error code:0x8004FF05.

Error - 8/10/2011 12:20:26 PM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2011 12:41:21 PM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/16/2011 5:41:46 PM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.7104.0, P3 1.109.1918.0, P4 1.109.1918.0, P5 trojandownloader_win32_tracur.y,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/17/2011 9:44:05 AM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.7104.0, P3 1.109.1918.0, P4 1.109.1918.0, P5 trojandownloader_win32_tracur.y,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/17/2011 10:11:12 AM | Computer Name = GX520 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/17/2011 10:11:21 AM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.7104.0, P3 1.109.1918.0, P4 1.109.1918.0, P5 trojandownloader_win32_tracur.y,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/17/2011 9:09:08 PM | Computer Name = GX520 | Source = Microsoft Security Client | ID = 5000
Description =

[ Application Events ]
Error - 8/10/2011 12:12:29 PM | Computer Name = GX520 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/10/2011 12:12:34 PM | Computer Name = GX520 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/10/2011 12:12:35 PM | Computer Name = GX520 | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF05 Description:Can't complete the Setup Wizard. One
or more command line arguments are invalid. Error code:0x8004FF05.

Error - 8/10/2011 12:20:26 PM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2011 12:41:21 PM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/16/2011 5:41:46 PM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.7104.0, P3 1.109.1918.0, P4 1.109.1918.0, P5 trojandownloader_win32_tracur.y,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/17/2011 9:44:05 AM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.7104.0, P3 1.109.1918.0, P4 1.109.1918.0, P5 trojandownloader_win32_tracur.y,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/17/2011 10:11:12 AM | Computer Name = GX520 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/17/2011 10:11:21 AM | Computer Name = GX520 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.7104.0, P3 1.109.1918.0, P4 1.109.1918.0, P5 trojandownloader_win32_tracur.y,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/17/2011 9:09:08 PM | Computer Name = GX520 | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 8/17/2011 10:18:13 AM | Computer Name = GX520 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 8/17/2011 10:18:42 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/17/2011 10:24:52 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/17/2011 10:27:04 AM | Computer Name = GX520 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{88CA0601-D5C2-457A-A391-A346F2603E04}. The
backup browser is stopping.

Error - 8/17/2011 10:28:59 AM | Computer Name = GX520 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.109.1918.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 8/17/2011 10:29:10 AM | Computer Name = GX520 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
(Definition 1.111.69.0).

Error - 8/17/2011 9:09:00 PM | Computer Name = GX520 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147647562

Name:
TrojanDownloader:Win32/Tracur.Y ID: 2147647562 Severity: Severe Category: Trojan Downloader

Path:
process:_pid:1968;process:_pid:2324 Detection Origin: %%844 Detection Type: %%822

Detection
Source: %%820 User: GX520\DELL Process Name: C:\WINDOWS\system32\drmv2clt32.exe Action:
%%808 Action Status: No additional actions required Error Code: 0x80070102 Error
description: The wait operation timed out. Signature Version: AV: 1.109.1918.0,
AS: 1.109.1918.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7104.0, NIS: 0.0.0.0

Error - 8/17/2011 9:09:00 PM | Computer Name = GX520 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147647562

Name:
TrojanDownloader:Win32/Tracur.Y ID: 2147647562 Severity: Severe Category: Trojan Downloader

Path:
process:_pid:1968;process:_pid:2324 Detection Origin: %%844 Detection Type: %%822

Detection
Source: %%820 User: GX520\DELL Process Name: C:\WINDOWS\system32\drmv2clt32.exe Action:
%%809 Action Status: No additional actions required Error Code: 0x8007054f Error
description: An internal error occurred. Signature Version: AV: 1.109.1918.0, AS:
1.109.1918.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7104.0, NIS: 0.0.0.0

Error - 8/17/2011 9:14:08 PM | Computer Name = GX520 | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/17/2011 9:16:04 PM | Computer Name = GX520 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{88CA0601-D5C2-457A-A391-A346F2603E04}. The
backup browser is stopping.


< End of report >

Edited by shmalligator, 17 August 2011 - 07:48 PM.

  • 0
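A small triage script for the "Last 10 Event Log Errors" section of an OTL report like the one above, as an added example (it is not part of OTL and was not posted by anyone in this thread); the sample report embedded in it is constructed from lines quoted in the log above. It splits the section into events, keeps only Microsoft Antimalware event 1119 (the "critical error when taking action on malware" entries), and pulls out the threat name, the process it was found in, and the error that stopped the clean-up:

```python
"""Triage helper for the "Last 10 Event Log Errors" section of an OTL
report.  Added example, not part of OTL; the sample report below is
constructed from lines quoted in this thread."""
import re
from dataclasses import dataclass

# Constructed sample, trimmed from the OTL log posted above.
SAMPLE_REPORT = r"""
========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 8/17/2011 9:09:00 PM | Computer Name = GX520 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware

Name:
TrojanDownloader:Win32/Tracur.Y ID: 2147647562 Severity: Severe Category: Trojan Downloader

Detection
Source: %%820 User: GX520\DELL Process Name: C:\WINDOWS\system32\drmv2clt32.exe Action:
%%808 Action Status: No additional actions required Error Code: 0x80070102 Error
description: The wait operation timed out. Signature Version: AV: 1.109.1918.0,
AS: 1.109.1918.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7104.0, NIS: 0.0.0.0

Error - 8/17/2011 9:14:08 PM | Computer Name = GX520 | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.

< End of report >
"""

EVENT_HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = \S+ \| "
                          r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")


@dataclass
class Detection:
    when: str
    threat: str
    severity: str
    process: str
    error_code: str
    error_text: str


def parse_events(report):
    """Return one dict per 'Error - ...' entry: when, source, id, and the
    description lines joined into a single 'body' string."""
    events, body = [], None
    for line in report.splitlines():
        m = EVENT_HEADER.match(line)
        if m:
            body = []  # shared by reference with the dict; joined below
            events.append({"when": m["when"], "source": m["source"],
                           "id": int(m["id"]), "body": body})
        elif body is not None and line.startswith("< End of report >"):
            break
        elif body is not None and line.strip() and not line.startswith("[ "):
            body.append(line.strip())
    for ev in events:
        ev["body"] = " ".join(ev["body"])
    return events


def _grab(pattern, text):
    m = re.search(pattern, text)
    return m.group(1).strip() if m else ""


def antimalware_failures(events):
    """Event 1119 from Microsoft Antimalware means remediation was attempted
    and failed: report what was detected, in which process, and why."""
    out = []
    for ev in events:
        if ev["source"] != "Microsoft Antimalware" or ev["id"] != 1119:
            continue
        b = ev["body"]
        out.append(Detection(
            when=ev["when"],
            threat=_grab(r"\bName:\s+(\S+)\s+ID:", b),
            severity=_grab(r"Severity:\s+(\S+)", b),
            process=_grab(r"Process Name:\s+(.+?)\s+Action:", b),
            error_code=_grab(r"Error Code:\s+(0x[0-9A-Fa-f]+)", b),
            error_text=_grab(r"Error description:\s+(.+?)\s+Signature Version:", b)))
    return out


if __name__ == "__main__":
    for d in antimalware_failures(parse_events(SAMPLE_REPORT)):
        print(f"{d.when}: {d.threat} [{d.severity}] in {d.process} -> {d.error_code} {d.error_text}")
```

Run as a script it prints one line per failed remediation; on the sample that is the Tracur.Y detection tied to drmv2clt32.exe with error 0x80070102, which is exactly the detail a helper wants before choosing the next fix (the scanner could not act on a running process, so a tool that runs before the process starts is the natural next step).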



#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello shmalligator and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
    [2011/08/17 21:11:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\1785716294

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right-click on it and select Open Avast! User Interface, then click on Scan Computer, then on
Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs input from you.

Just report that AVAST managed to remove all findings.

Step 3

Please do an OTL scan, but this time make sure that the All Users option is selected.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Your report on AVAST scan
  • New OTL scan log
It would be helpful if you could post each log in a separate post.
  • 0

#3
shmalligator

shmalligator

    Member

  • Topic Starter
  • Member
  • 31 posts
Here is the OTL fix it log. I am downloading Avast now!

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
C:\WINDOWS\system32\1785716294 moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\DELL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\DELL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 204550 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DELL
->Temp folder emptied: 2057330 bytes
->Temporary Internet Files folder emptied: 8927211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 95576528 bytes
->Flash cache emptied: 836 bytes

User: LocalService
->Temp folder emptied: 2045500 bytes
->Temporary Internet Files folder emptied: 33455 bytes

User: NetworkService
->Temp folder emptied: 2339674 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2409090 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 792837 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 698234 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: DELL
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08182011_080200

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_514.dat not found!
File\Folder C:\WINDOWS\temp\ZLT01463.TMP not found!

Registry entries deleted on Reboot...

Edited by shmalligator, 18 August 2011 - 06:15 AM.

  • 0
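One way to cross-check the Step 1 fix script against the fix log it produced, so a helper can see at a glance which requested actions the log confirms, as an added example (not OTL's own code and not posted by anyone in this thread). The script and log excerpts are trimmed from the two posts above; the extra `example_missing.tmp` entry is constructed to show how an item with no matching success line is reported:

```python
"""Cross-check an OTL fix script against the fix log it produced.  Added
example, not OTL's own code; the script and log excerpts are trimmed from
this thread, and the 'example_missing.tmp' entry is constructed to show an
item the log never confirms."""
import re

FIX_SCRIPT = r"""
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
[2011/08/17 21:11:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\1785716294
[2011/08/17 21:11:19 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\example_missing.tmp

:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

:Files
ipconfig /flushdns /c
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
C:\WINDOWS\system32\1785716294 moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
"""


def expected_items(script):
    """One (kind, identifier) pair per script line that should leave a
    success line in the fix log."""
    items, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "otl":
            path = re.search(r" -- (?P<p>[A-Za-z]:\\\S+)$", line)
            value = re.search(r",(?P<v>[^ ,=]+) = ", line)
            if path:
                items.append(("file", path["p"]))
            elif value:
                items.append(("value", value["v"]))
        elif section == "reg":
            m = re.match(r'"(?P<v>[^"]+)"=-$', line)
            if m:
                items.append(("regdel", m["v"]))
        elif section == "files":
            items.append(("command", line))
    return items


# How each kind of item shows up in the fix log when it succeeded.
CONFIRMED = {
    "file": lambda ident, line: line.lower().startswith(ident.lower()) and "moved successfully" in line,
    "value": lambda ident, line: ident in line and "successfully" in line,
    "regdel": lambda ident, line: line.startswith("Registry value") and ident in line and "deleted successfully" in line,
    "command": lambda ident, line: line == f"< {ident} >",
}


def check_fix_log(script, log):
    """Return {'kind:identifier': True/False} for every requested item."""
    lines = [l.strip() for l in log.splitlines()]
    return {f"{kind}:{ident}": any(CONFIRMED[kind](ident, l) for l in lines)
            for kind, ident in expected_items(script)}


if __name__ == "__main__":
    for item, ok in check_fix_log(FIX_SCRIPT, FIX_LOG).items():
        print("OK     " if ok else "MISSING", item)
```

The file comparison is case-insensitive because OTL writes the path back with a different case than the script used (`System32` versus `system32`), which is exactly the kind of detail that makes eyeballing a long fix log error-prone.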

#4
shmalligator

shmalligator

    Member

  • Topic Starter
  • Member
  • 31 posts
The Avast boot-time scan ended up only taking 30 minutes and didn't detect any viruses. Should I be concerned that it took so little time and came up with nothing?

Meanwhile, Google redirects seem to have stopped.

Here is the OTL log after running Avast.



OTL logfile created on: 8/18/2011 8:58:51 AM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\DELL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 415.14 Mb Available Physical Memory | 40.94% Memory free
2.39 Gb Paging File | 1.85 Gb Available in Paging File | 77.72% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 16.26 Gb Free Space | 43.67% Space Free | Partition Type: NTFS

Computer Name: GX520 | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 21:41:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\desktop\OTL.exe
PRC - [2011/08/09 12:27:52 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/28 21:14:52 | 017,529,856 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EADMUI.exe
PRC - [2011/04/28 21:08:16 | 000,095,024 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EACoreServer.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/07/09 19:08:04 | 002,712,920 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 11:33:23 | 001,299,456 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11081701\algo.dll
MOD - [2011/08/16 11:12:29 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11081701\aswRep.dll
MOD - [2011/08/09 12:27:52 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/07/28 20:28:53 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2011/05/28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/04/26 20:37:22 | 000,327,680 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\phonon4.dll
MOD - [2011/04/26 20:37:12 | 000,413,184 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtXml4.dll
MOD - [2011/04/26 20:36:58 | 015,724,544 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtWebKit4.dll
MOD - [2011/04/26 20:36:40 | 001,092,096 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtNetwork4.dll
MOD - [2011/04/26 20:36:30 | 009,433,600 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtGui4.dll
MOD - [2011/04/26 20:34:58 | 002,686,464 | R--- | M] () -- C:\Program Files\Electronic Arts\EADM\QtCore4.dll
MOD - [2009/01/12 19:56:14 | 000,071,504 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\taskdll.dll
MOD - [2009/01/12 19:56:00 | 000,059,216 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\NtfsData.dll
MOD - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2008/06/13 15:17:30 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
MOD - [2007/09/14 10:27:14 | 000,024,576 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll
MOD - [2006/12/15 11:30:38 | 000,966,765 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/28 20:28:53 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/08 15:10:00 | 004,051,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 08:55:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F394D18-6F04-4B5D-954D-5CE92962EB80}\MpKsl352a8375.sys -- (MpKsl352a8375)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/12/28 16:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]

IE - HKU\S-1-5-21-776561741-1060284298-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKU\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6
FF - prefs.js..extensions.enabledItems: {422707e2-3d0c-4056-be3d-4a4dc25eac15}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1203
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/18 08:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 08:11:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 08:11:23 | 000,000,000 | ---D | M]

[2010/11/26 18:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Extensions
[2011/08/18 08:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions
[2011/08/16 16:26:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{422707e2-3d0c-4056-be3d-4a4dc25eac15}
[2011/07/04 08:51:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/03 10:56:32 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\searchplugins\conduit.xml
[2011/05/23 11:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 08:19:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/06/14 22:47:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/01/18 20:54:58 | 000,425,925 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14674 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-776561741-1060284298-1547161642-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartDefrag] C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-776561741-1060284298-1547161642-1003..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-776561741-1060284298-1547161642-1003..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
O4 - HKU\S-1-5-21-776561741-1060284298-1547161642-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1060284298-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1060284298-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1290810829234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DELL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DELL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/14 19:13:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 08:20:03 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/18 08:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/18 08:20:02 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/18 08:19:57 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/18 08:19:57 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/18 08:19:56 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/18 08:19:56 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/18 08:19:56 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/18 08:19:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/18 08:19:30 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/18 08:19:29 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/18 08:02:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/17 21:41:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DELL\Desktop\OTL.exe
[2011/08/10 12:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/08/10 11:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/08/09 12:58:31 | 004,051,248 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2011/08/09 12:58:08 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2011/08/09 12:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/08/09 12:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Start Menu\Programs\GamesCampus
[2011/08/09 12:46:18 | 000,000,000 | ---D | C] -- C:\GamesCampus
[2011/08/09 12:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Local Settings\Application Data\PMB Files
[2011/08/09 12:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/08/09 12:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/08/04 19:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/04 19:23:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\Documents and Settings\DELL\Desktop\*.tmp files -> C:\Documents and Settings\DELL\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/18 09:00:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/18 08:56:15 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/08/18 08:55:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/18 08:55:39 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/18 08:55:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/18 08:20:03 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/18 08:19:56 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/18 08:18:23 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\DELL\Desktop\setup_av_free.exe
[2011/08/17 21:41:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\Desktop\OTL.exe
[2011/08/17 10:06:16 | 000,000,097 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/08/10 12:20:54 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/10 11:58:01 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/09 12:49:00 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\DELL\Desktop\ShotOnline.lnk
[2011/08/09 12:42:08 | 770,401,959 | ---- | M] () -- C:\Documents and Settings\DELL\Desktop\ShotOnlineClient_ENG_COM_0615.exe
[2011/08/04 19:23:49 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/03 14:22:20 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 10:39:33 | 000,505,744 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\fight.gif
[2011/07/31 10:24:54 | 000,351,583 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\nooo.gif
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/07/25 10:34:59 | 000,492,395 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\beauty.gif
[2011/07/24 19:47:35 | 000,081,708 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\starkid!.jpg
[2011/07/23 10:51:56 | 000,218,592 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\The Coolest Girl (AVPS) Sheet Music - Vocal Score (Project Enastron).pdf
[2011/07/23 10:25:12 | 000,267,487 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\haha.gif
[1 C:\Documents and Settings\DELL\Desktop\*.tmp files -> C:\Documents and Settings\DELL\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/18 08:20:03 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/18 08:17:06 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\DELL\Desktop\setup_av_free.exe
[2011/08/17 10:06:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/10 12:25:46 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/10 11:59:02 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/10 11:58:01 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/09 12:58:07 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2011/08/09 12:49:00 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\DELL\Desktop\ShotOnline.lnk
[2011/08/09 12:28:21 | 770,401,959 | ---- | C] () -- C:\Documents and Settings\DELL\Desktop\ShotOnlineClient_ENG_COM_0615.exe
[2011/08/04 19:23:49 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/31 10:39:33 | 000,505,744 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\fight.gif
[2011/07/31 10:24:53 | 000,351,583 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\nooo.gif
[2011/07/25 10:34:58 | 000,492,395 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\beauty.gif
[2011/07/24 19:47:34 | 000,081,708 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\starkid!.jpg
[2011/07/23 10:51:55 | 000,218,592 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\The Coolest Girl (AVPS) Sheet Music - Vocal Score (Project Enastron).pdf
[2011/07/23 10:25:10 | 000,267,487 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\haha.gif
[2011/05/08 16:17:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/05/07 15:39:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/03/06 23:49:02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/17 14:52:40 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\DELL\Application Data\uid_pal
[2010/11/26 18:33:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/26 18:27:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/26 13:48:39 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\DELL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 23:40:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/14 19:26:38 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/06/14 19:15:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/14 19:09:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/14 15:02:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/14 15:01:43 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/02 11:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Edited by shmalligator, 18 August 2011 - 09:08 AM.

  • 0
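A parser for the file listings in the OTL log above, as an added example (my code, not OTL's or the forum's): it pulls each entry's timestamp, size, attribute flags, company name and path out of the bracketed lines and flags the ones a helper reading such a log checks first, executables under the Windows tree with no company name and entries whose timestamp disagrees with the section's 30-day window. The sample lines are copied from the log; the heuristics, the REPORT_TIME value and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/folder line looks like
# [2011/08/18 08:20:03 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
# i.e. [timestamp | size | attribute flags | C=created/M=modified] (company, optional) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Heuristic scope (assumption): executables that live under the Windows directory.
SYSTEM_PREFIXES = ("c:\\windows\\",)
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".vxd", ".cpl", ".ocx")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str              # e.g. "---D" directory, "-H--" hidden, "R---" read-only
    kind: str               # "C" for a created listing, "M" for a modified listing
    company: Optional[str]  # None when OTL printed "()" or "( )" or nothing at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; returns None for summary lines such as the *.tmp count."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # "()" and "( )" both mean no company name
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company,
        path=m.group("path"),
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    """Parse every listing line in a block of OTL output, skipping anything else."""
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[OtlEntry], report_time: datetime, window_days: int = 30) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for files worth a closer look. These are triage
    heuristics, not verdicts: a hit means 'check this one', not 'malicious'."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        if p.startswith(SYSTEM_PREFIXES) and p.endswith(EXEC_EXTENSIONS) and e.company is None:
            findings.append((e.path, "executable in the Windows tree with no company name"))
        if (report_time - e.timestamp).days > window_days:
            findings.append((e.path, "timestamp lies outside the section's window; compare all timestamps on disk"))
    return findings


# Sample input: lines copied from the "Created Within 30 Days" and "No Company Name"
# sections of the log above, plus OTL's *.tmp summary line, which is not an entry.
SAMPLE_LOG = r"""
[2011/08/18 08:20:03 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/18 08:02:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/09 12:58:08 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2011/08/09 12:58:07 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\Documents and Settings\DELL\Desktop\*.tmp files -> C:\Documents and Settings\DELL\Desktop\*.tmp -> ]
"""
REPORT_TIME = datetime(2011, 8, 18, 9, 0, 0)   # assumption, taken from the log's own timestamps

if __name__ == "__main__":
    for path, reason in triage(parse_otl_log(SAMPLE_LOG), REPORT_TIME):
        print(f"{reason}: {path}")
```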

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please update your Malwarebytes and do a Quick scan. After the scan, post the log here for me.
  • 0

#6
shmalligator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is the mbam log.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7482

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/18/2011 9:10:06 PM
mbam-log-2011-08-18 (21-10-06).txt

Scan type: Quick scan
Objects scanned: 150780
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\networkservice\application data\0200000051e5d15f1406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\0200000051e5d15f1406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\0200000051e5d15f1406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\0200000051e5d15f1406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000051e5d15f1406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000051e5d15f1406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000051e5d15f1406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000051e5d15f1406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi shmalligator,

Looking good... Let's do some more cleaning; after this step, test your system and let me know how it is :).

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0
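To review what the :Reg part of a fix like this will do before running it, here is an added parser (my code, not OTL's) that turns the REGEDIT4-style lines into a list of registry operations and folds the HKU\S-1-5-18 and HKU\.DEFAULT paths together, since S-1-5-18 is LocalSystem and its hive is loaded as a link to .DEFAULT, which is why a value deleted under one path can afterwards be reported as missing under the other. The script text is the one posted above; the alias table, the [-key] deletion form (regedit syntax, not used in this fix) and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# HKU\S-1-5-18 (the LocalSystem profile) is loaded as a link to HKU\.DEFAULT, so a
# value removed under one hive path is gone under the other too (assumed alias table).
HIVE_ALIASES = {"HKU\\S-1-5-18": "HKU\\.DEFAULT"}

# "name"=data  or  @=data (the key's default value)
VALUE_LINE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<data>.*)$')


@dataclass(frozen=True)
class RegAction:
    action: str        # "delete_value", "set_value" or "delete_key"
    key: str
    name: str = ""     # "" is the key's (Default) value, written as @ in regedit syntax
    data: str = ""


def parse_reg_section(script: str) -> List[RegAction]:
    """Extract the registry operations an OTL fix would perform from its :Reg section.
    Other sections (:OTL, :Files, :Commands, ...) are skipped. The :Reg section uses
    regedit (.reg) syntax: [key] opens a key, [-key] deletes one, "name"=- deletes a value."""
    actions: List[RegAction] = []
    key = None
    in_reg = False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                 # section directive such as :OTL or :Reg
            in_reg = line.lower() == ":reg"
            key = None
            continue
        if not in_reg:
            continue
        if line.startswith("[-") and line.endswith("]"):
            actions.append(RegAction("delete_key", line[2:-1].strip()))
            key = None
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].strip()
            continue
        m = VALUE_LINE.match(line)
        if m is None or key is None:
            raise ValueError(f"unrecognised :Reg line: {raw!r}")
        name = "" if m.group("default") else m.group("name")
        data = m.group("data").strip()
        if data == "-":
            actions.append(RegAction("delete_value", key, name))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            actions.append(RegAction("set_value", key, name, data[1:-1]))  # REG_SZ
        else:
            actions.append(RegAction("set_value", key, name, data))        # dword:/hex: kept verbatim
    return actions


def canonical_key(key: str) -> str:
    """Fold hive aliases so two paths to the same key compare equal."""
    for alias, target in HIVE_ALIASES.items():
        if key.upper().startswith(alias.upper()):
            rest = key[len(alias):]
            if rest == "" or rest.startswith("\\"):
                return target + rest
    return key


def distinct_targets(actions: List[RegAction]) -> Set[Tuple[str, str, str]]:
    """Unique (action, key, value) targets, case-folded and alias-folded."""
    return {(a.action, canonical_key(a.key).upper(), a.name.upper()) for a in actions}


# The fix script posted above; its :OTL lines are kept to show that they are skipped.
FIX_SCRIPT = r'''
:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 41 24 41 04 46 8F 64 49 90 41 C7 8E 66 94 71 69 [binary data]

:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
'''

if __name__ == "__main__":
    acts = parse_reg_section(FIX_SCRIPT)
    for a in acts:
        print(a.action, a.key, a.name)
    print(len(acts), "operations,", len(distinct_targets(acts)), "distinct targets")
```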

#8
shmalligator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is my OTL fix it log. :)

========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.

OTL by OldTimer - Version 3.2.26.5 log created on 08192011_082248
  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good job! Please test your system and let me know if there are any malware-related problems.
  • 0

#10
shmalligator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I'm experiencing Google redirects again, but everything else seems to be going normally.

Edited by shmalligator, 19 August 2011 - 06:39 AM.

  • 0

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Do you get redirected in all browsers you use, or does this redirection only affect one browser?

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3


Please don't forget to include these items in your reply:

  • OTL log
  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#12
shmalligator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
It seems the Google redirects are only occurring on Firefox, not on IE.

This blank blue box popped up after running combofix and has been sitting here for about ten minutes, not doing anything. Is that typical?

Edited by shmalligator, 19 August 2011 - 07:04 AM.

  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
It should write something in it... let it run for 15 min and then try to run Combofix in Safe mode.

Please restart in safe mode:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#14
shmalligator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is the combofix log...

ComboFix 11-08-18.03 - DELL 08/19/2011 9:17.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.628 [GMT -4:00]
Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DELL\Application Data\Adobe\plugs
c:\documents and settings\DELL\Application Data\Adobe\shed
c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{422707e2-3d0c-4056-be3d-4a4dc25eac15}
c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{422707e2-3d0c-4056-be3d-4a4dc25eac15}\chrome.manifest
c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{422707e2-3d0c-4056-be3d-4a4dc25eac15}\chrome\xulcache.jar
c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{422707e2-3d0c-4056-be3d-4a4dc25eac15}\defaults\preferences\xulcache.js
c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{422707e2-3d0c-4056-be3d-4a4dc25eac15}\install.rdf
c:\documents and settings\DELL\Application Data\uid_pal
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-19 12:27 . 2011-08-19 12:27 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AAD7E90-503C-444F-8BC0-AC179682BE31}\MpKsle1fc4bd2.sys
2011-08-19 01:32 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AAD7E90-503C-444F-8BC0-AC179682BE31}\mpengine.dll
2011-08-18 12:20 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-18 12:20 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-18 12:19 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-18 12:19 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-18 12:19 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-18 12:19 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-18 12:19 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-18 12:19 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-18 12:19 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-18 12:19 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-18 12:02 . 2011-08-18 12:02 -------- d-----w- C:\_OTL
2011-08-16 21:10 . 2011-08-16 21:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-10 16:19 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-10 16:12 . 2011-08-10 16:12 -------- d-----w- c:\program files\MSXML 4.0
2011-08-09 16:58 . 2011-05-08 19:10 4051248 ----a-w- c:\windows\system32\GameMon.des
2011-08-09 16:58 . 2004-12-31 06:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-08-09 16:58 . 2003-07-16 15:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-08-09 16:57 . 2011-08-09 16:57 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-08-09 16:46 . 2011-08-09 16:46 -------- d-----w- C:\GamesCampus
2011-08-09 16:28 . 2011-08-19 13:07 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\PMB Files
2011-08-09 16:27 . 2011-08-09 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-08-09 16:27 . 2011-08-09 16:27 -------- d-----w- c:\program files\Pando Networks
2011-08-04 23:23 . 2011-08-04 23:23 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2011-05-27 20:40 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-15 13:29 . 2008-04-14 05:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 05:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2011-01-20 15:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-01-20 15:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 20:10 . 2011-06-02 13:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 14:10 . 2009-06-14 23:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2008-04-14 10:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2008-04-14 10:42 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-14 10:41 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2008-04-14 05:07 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 10:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2008-04-14 06:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI.exe" [2011-04-29 17529856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-09 3077528]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-15 02:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57525:TCP"= 57525:TCP:Pando Media Booster
"57525:UDP"= 57525:UDP:Pando Media Booster
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/18/2011 8:19 AM 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/18/2011 8:20 AM 309848]
S1 MpKsl057ba859;MpKsl057ba859;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17BFFBCF-9A1D-4CDC-9513-9E6D73A643FE}\MpKsl057ba859.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17BFFBCF-9A1D-4CDC-9513-9E6D73A643FE}\MpKsl057ba859.sys [?]
S1 MpKsl1f3a2816;MpKsl1f3a2816;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC448971-2578-4887-BC48-F58D0D8494BB}\MpKsl1f3a2816.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC448971-2578-4887-BC48-F58D0D8494BB}\MpKsl1f3a2816.sys [?]
S1 MpKsl5150d63b;MpKsl5150d63b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17BFFBCF-9A1D-4CDC-9513-9E6D73A643FE}\MpKsl5150d63b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17BFFBCF-9A1D-4CDC-9513-9E6D73A643FE}\MpKsl5150d63b.sys [?]
S1 MpKsl5d10ee4d;MpKsl5d10ee4d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A3B1F016-3A0B-4421-8C70-6713302B1082}\MpKsl5d10ee4d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A3B1F016-3A0B-4421-8C70-6713302B1082}\MpKsl5d10ee4d.sys [?]
S1 MpKslbec60011;MpKslbec60011;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9BE8080-C781-4CE1-831F-BDE3F3FF0AAB}\MpKslbec60011.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9BE8080-C781-4CE1-831F-BDE3F3FF0AAB}\MpKslbec60011.sys [?]
S1 MpKsle1fc4bd2;MpKsle1fc4bd2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AAD7E90-503C-444F-8BC0-AC179682BE31}\MpKsle1fc4bd2.sys [8/19/2011 8:27 AM 28752]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [8/10/2011 11:57 AM 353168]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 6:42 AM 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/18/2011 8:20 AM 19544]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/20/2011 11:31 AM 41272]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-19 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-08-10 18:46]
.
2011-08-19 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\GameBox.exe [2010-12-22 00:08]
.
2011-08-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-19 09:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\SecuROM\License information*]
"datasecu"=hex:ad,31,28,b6,a3,40,03,fb,db,e4,fa,9c,d4,c5,72,30,01,5c,19,df,e6,
53,5a,5d,0b,7c,0f,3f,55,0d,91,50,e8,3f,d7,14,55,37,cd,21,e0,e7,9e,6b,e4,5d,\
"rkeysecu"=hex:a4,39,de,35,0b,ea,56,6b,d0,a3,54,37,5a,80,92,3e
.
Completion time: 2011-08-19 09:26:22
ComboFix-quarantined-files.txt 2011-08-19 13:26
.
Pre-Run: 16,982,732,800 bytes free
Post-Run: 16,946,655,232 bytes free
.
- - End Of File - - B4D0AEC2A145099D3F92810B1D8155D5
#15
shmalligator (Topic Starter, Member, 31 posts)
And here is the newest OTL log.

OTL logfile created on: 8/19/2011 9:34:24 AM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\DELL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 473.54 Mb Available Physical Memory | 46.70% Memory free
2.39 Gb Paging File | 1.91 Gb Available in Paging File | 80.13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 15.83 Gb Free Space | 42.51% Space Free | Partition Type: NTFS

Computer Name: GX520 | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 21:41:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\desktop\OTL.exe
PRC - [2011/08/09 12:27:52 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/07/09 19:08:04 | 002,712,920 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/19 07:10:10 | 001,287,680 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11081900\algo.dll
MOD - [2011/08/18 18:04:46 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11081900\aswRep.dll
MOD - [2011/08/09 12:27:52 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/07/28 20:28:53 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2011/05/28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2009/01/12 19:56:14 | 000,071,504 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\taskdll.dll
MOD - [2009/01/12 19:56:00 | 000,059,216 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\NtfsData.dll
MOD - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2008/06/13 15:17:30 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
MOD - [2007/09/14 10:27:14 | 000,024,576 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll
MOD - [2006/12/15 11:30:38 | 000,966,765 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/28 20:28:53 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/08 15:10:00 | 004,051,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsle1fc4bd2)
DRV - [2011/08/19 09:31:00 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D621E933-851B-41F1-A1CD-A606FC531B3E}\MpKslaec12df6.sys -- (MpKslaec12df6)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/12/28 16:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1203
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/18 08:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 08:11:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 08:11:23 | 000,000,000 | ---D | M]

[2010/11/26 18:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Extensions
[2011/08/19 09:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions
[2011/07/04 08:51:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/03 10:56:32 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\DELL\Application Data\Mozilla\Firefox\Profiles\u8soku1l.default\searchplugins\conduit.xml
[2011/05/23 11:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 08:19:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/06/14 22:47:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/08/19 09:23:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartDefrag] C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1290810829234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DELL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DELL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/14 19:13:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/19 09:26:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/19 09:11:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/19 09:11:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/19 09:11:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/19 09:11:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/19 08:51:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/19 08:50:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/19 08:44:35 | 004,177,927 | R--- | C] (Swearware) -- C:\Documents and Settings\DELL\Desktop\ComboFix.exe
[2011/08/18 08:20:03 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/18 08:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/18 08:20:02 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/18 08:19:57 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/18 08:19:57 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/18 08:19:56 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/18 08:19:56 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/18 08:19:56 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/18 08:19:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/18 08:19:30 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/18 08:19:29 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/18 08:02:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/17 21:41:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DELL\Desktop\OTL.exe
[2011/08/10 12:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/08/10 11:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/08/09 12:58:31 | 004,051,248 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2011/08/09 12:58:08 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2011/08/09 12:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/08/09 12:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Start Menu\Programs\GamesCampus
[2011/08/09 12:46:18 | 000,000,000 | ---D | C] -- C:\GamesCampus
[2011/08/09 12:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Local Settings\Application Data\PMB Files
[2011/08/09 12:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/08/09 12:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/08/04 19:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/04 19:23:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\Documents and Settings\DELL\Desktop\*.tmp files -> C:\Documents and Settings\DELL\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/19 09:33:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/19 09:29:03 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/08/19 09:28:54 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/19 09:28:47 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/19 09:28:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/19 09:23:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/19 08:45:04 | 004,177,927 | R--- | M] (Swearware) -- C:\Documents and Settings\DELL\Desktop\ComboFix.exe
[2011/08/18 08:20:03 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/18 08:19:56 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/17 21:41:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\Desktop\OTL.exe
[2011/08/17 10:06:16 | 000,000,097 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/08/10 12:20:54 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/10 11:58:01 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/09 12:49:00 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\DELL\Desktop\ShotOnline.lnk
[2011/08/09 12:42:08 | 770,401,959 | ---- | M] () -- C:\Documents and Settings\DELL\Desktop\ShotOnlineClient_ENG_COM_0615.exe
[2011/08/04 19:23:49 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/03 14:22:20 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 10:39:33 | 000,505,744 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\fight.gif
[2011/07/31 10:24:54 | 000,351,583 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\nooo.gif
[2011/07/25 10:34:59 | 000,492,395 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\beauty.gif
[2011/07/24 19:47:35 | 000,081,708 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\starkid!.jpg
[2011/07/23 10:51:56 | 000,218,592 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\The Coolest Girl (AVPS) Sheet Music - Vocal Score (Project Enastron).pdf
[2011/07/23 10:25:12 | 000,267,487 | ---- | M] () -- C:\Documents and Settings\DELL\My Documents\haha.gif
[1 C:\Documents and Settings\DELL\Desktop\*.tmp files -> C:\Documents and Settings\DELL\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/19 09:11:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/19 09:11:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/19 09:11:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/19 09:11:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/19 09:11:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/18 08:20:03 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/17 10:06:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/10 12:25:46 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/10 11:59:02 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/10 11:58:01 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/09 12:58:07 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2011/08/09 12:49:00 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\DELL\Desktop\ShotOnline.lnk
[2011/08/09 12:28:21 | 770,401,959 | ---- | C] () -- C:\Documents and Settings\DELL\Desktop\ShotOnlineClient_ENG_COM_0615.exe
[2011/08/04 19:23:49 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/31 10:39:33 | 000,505,744 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\fight.gif
[2011/07/31 10:24:53 | 000,351,583 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\nooo.gif
[2011/07/25 10:34:58 | 000,492,395 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\beauty.gif
[2011/07/24 19:47:34 | 000,081,708 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\starkid!.jpg
[2011/07/23 10:51:55 | 000,218,592 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\The Coolest Girl (AVPS) Sheet Music - Vocal Score (Project Enastron).pdf
[2011/07/23 10:25:10 | 000,267,487 | ---- | C] () -- C:\Documents and Settings\DELL\My Documents\haha.gif
[2011/05/08 16:17:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/05/07 15:39:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/03/06 23:49:02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/26 18:33:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/26 18:27:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/26 13:48:39 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\DELL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 23:40:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/14 19:26:38 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/06/14 19:15:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/14 19:09:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/14 15:02:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/14 15:01:43 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/02 11:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/05/08 12:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/18 08:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/12/25 12:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/12/21 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/05/08 16:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/09 12:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/08/19 09:28:47 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/08/19 09:29:03 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
[2011/08/19 09:33:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
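Added example, not part of the post above and not OTL's own code: a small Python triage helper that parses OTL file/folder entries in the format shown in this log (`[timestamp | size | attrs | C/M] (company) -- path`) and lists the ones a helper would usually verify first: code-carrying files (.exe, .dll, .sys, .vxd and similar) created under the Windows directory within a chosen window, files of those types with no company/version information, and hidden ones. The sample input reuses a few entries from the log above plus one constructed header line (the 8/19/2011 date is made up to match the latest entry in the LOP check, it is not the real report header). The attribute-letter order R, H, S, D is inferred from entries such as `-H--`, `--S-` and `---D` and is an assumption, not OTL documentation.

```python
"""Triage helper for OTL file entries (added example; not part of OTL or the post).

Parses lines of the form
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
and returns entries worth a second look. Attribute order R,H,S,D is an
assumption inferred from the log's own entries ("-H--", "--S-", "---D").
"""
import ntpath
import re
from datetime import datetime, timedelta

OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # directory entries carry no company field
    r" -- (?P<path>.+?)\s*$"
)
OTL_HEADER = re.compile(
    r"OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
)

# File types that can carry executable code. Scheduled-task (.job) and data
# files are deliberately excluded to keep the review list short.
CODE_EXTS = {".exe", ".dll", ".sys", ".vxd", ".ocx", ".scr", ".cpl"}
WINDOWS_PREFIX = "c:\\windows\\"

# Constructed sample: header line is made up; entry lines are copied from the log.
SAMPLE_HEADER = "OTL logfile created on: 8/19/2011 10:00:00 AM - Run 2"
SAMPLE_LINES = r"""
[2011/08/10 12:25:46 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/09 12:58:07 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2011/08/09 12:28:21 | 770,401,959 | ---- | C] () -- C:\Documents and Settings\DELL\Desktop\ShotOnlineClient_ENG_COM_0615.exe
[2011/05/07 15:39:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2009/06/14 19:15:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/08 12:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
""".strip().splitlines()


def parse_header_date(line):
    """Return the report timestamp from an OTL header line, or None."""
    m = OTL_HEADER.search(line)
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p") if m else None


def parse_entry(line):
    """Return a dict for one OTL file/folder line, or None if the line is not one."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    company = (m.group("company") or "").strip()
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "hidden": attrs[1] == "H",        # assumed attribute order R,H,S,D
        "system": attrs[2] == "S",
        "directory": attrs[3] == "D",
        "kind": m.group("kind"),          # C = created, M = modified (OTL's flag)
        "company": company or None,       # "()" in the log means no version info
        "path": m.group("path"),
        "ext": ntpath.splitext(m.group("path"))[1].lower(),
    }


def triage(lines, report_date, window_days=30):
    """Return [(path, [reasons])] for code files that merit manual verification.

    These are review prompts, not verdicts: the follow-up is to check each
    flagged file's hash and signature against a trusted source.
    """
    cutoff = report_date - timedelta(days=window_days)
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e["directory"] or e["ext"] not in CODE_EXTS:
            continue
        under_windows = e["path"].lower().startswith(WINDOWS_PREFIX)
        reasons = []
        if under_windows and e["kind"] == "C" and e["timestamp"] >= cutoff:
            reasons.append(
                f"created under the Windows directory within the last {window_days} days"
            )
        if under_windows and e["company"] is None:
            reasons.append("no company/version information")
        if e["hidden"]:
            reasons.append("hidden attribute set")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


def run_sample(window_days=30):
    """Triage the constructed sample with the constructed header's date."""
    return triage(SAMPLE_LINES, parse_header_date(SAMPLE_HEADER), window_days)


if __name__ == "__main__":
    for path, reasons in run_sample():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, nppt9x.vxd is listed for two reasons (recent creation under the Windows directory and no version information) and windrv.sys for one (no version information); widening the window to 120 days adds the recency reason for windrv.sys as well. The .job task, the large desktop installer, bootstat.dat and the directory entry are not listed. Nothing here says a flagged file is malicious; it only orders what to check against known-good hashes first.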