Stubborn Online Guard!


  • This topic is locked

#16
hutina (Member, Topic Starter, 47 posts)
Restarted the computer and ran OTL in safe mode. Here's the log:

OTL logfile created on: 10/10/2011 11:13:25 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tina\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 87.42% Memory free
6.00 Gb Paging File | 5.65 Gb Available in Paging File | 94.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 151.71 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.44% Space Free | Partition Type: NTFS

Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 23:47:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (BrowserSeek Service)
SRV - [2011/10/07 15:35:12 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/10/07 15:35:11 | 000,206,152 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/09/21 01:27:04 | 000,366,408 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/06/07 18:35:12 | 001,775,432 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/28 01:21:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/31 15:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Users\Tina\AppData\Local\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Users\Tina\AppData\Local\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/03/02 15:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,zh-CN;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C F6 B3 86 C5 86 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..keyword.URL: "http://www.browserse...skGG&keywords="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tina\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 16:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/09 23:31:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tina\AppData\Roaming\Move Networks [2010/01/18 11:08:50 | 000,000,000 | ---D | M]

[2009/12/20 20:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2011/10/02 09:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\extensions
[2010/12/13 16:38:28 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/10/09 20:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/09 20:28:01 | 000,000,000 | ---D | M] (BrowserSeek) -- C:\Program Files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}
[2010/04/29 00:04:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/22 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{C6128004-4838-4708-9A97-BB172D17767D}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\[email protected]
[2011/09/30 16:19:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/16 15:39:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/10 02:51:44 | 000,000,882 | RH-- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 95.64.61.143 www.google.com
O1 - Hosts: 95.64.61.144 www.bing.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tina\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
O4 - HKLM..\Run: [ZnnGG4aamH6WJfE8234A] C:\Windows\System32\YNNNtxxP0ucSib3.exe ()
O4 - HKCU..\Run: [{0AC2812E-94E6-5E97-7142-5041BC926A9B}] C:\Users\Tina\AppData\Roaming\Cua\wuhitak.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc....afeControls.cab (AxSubmitControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://download.ppli...pluginsetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F591307-4E32-498D-AD4C-D7BD8EE92AF9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\mnG5aQH6dKfLgXj
[2011/10/10 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\CCekIVrzOyAuSiF
[2011/10/10 22:52:28 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\Tina\DesktopWinsockxpFix.exe
[2011/10/10 22:52:20 | 000,186,368 | ---- | C] (CEXX.ORG) -- C:\Users\Tina\DesktopLSPFix.exe
[2011/10/10 22:52:18 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Users\Tina\DesktopSafeMSI.exe
[2011/10/10 22:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CA-SupportBridge
[2011/10/10 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\QycA1ivD2n4
[2011/10/10 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\mmH5sQJ7dKgZhXj
[2011/10/10 22:15:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\rEL8gTZqhCkVlBx
[2011/10/10 22:15:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\XL9gTZqjCk
[2011/10/10 22:15:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\tGQdKhwCBNAS3df
[2011/10/10 22:15:34 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0
[2011/10/10 22:15:33 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\lciDGm6JEgqCUlt
[2011/10/10 22:09:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/10 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Xaole
[2011/10/10 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Cua
[2011/10/10 17:13:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\WindowsVerifierUpdate.dll
[2011/10/10 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\WibD3onG4m6W7E8
[2011/10/10 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\UwkIVrlONx0c1b3
[2011/10/10 17:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Wms6Ef9XUeIrNxu
[2011/10/10 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\bFms7KRhwUltPcu
[2011/10/10 17:00:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/10 16:59:29 | 004,253,235 | R--- | C] (Swearware) -- C:\Users\Tina\Desktop\ComboFix.exe
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\TVVrzNtxA0uS
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\pQHH6dW7RL9gXjC
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\pHddWffR9XqCVOt
[2011/10/09 23:47:38 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
[2011/10/09 23:45:46 | 000,748,643 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Tina\Desktop\explorer.exe
[2011/10/09 23:36:37 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/10/09 23:36:37 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/10/09 23:36:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/09 23:09:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/09 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/09 22:38:38 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\iexplore.exe
[2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
[2011/10/09 21:21:16 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/10/09 20:56:50 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/09 20:41:49 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\ElevatedDiagnostics
[2011/10/09 20:25:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/13 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\VS Revo Group
[2011/09/13 20:56:55 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/09/13 20:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/13 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

========== Files - Modified Within 30 Days ==========

[2011/10/10 23:08:47 | 000,147,652 | ---- | M] () -- C:\Users\Tina\Desktop\screen.png
[2011/10/10 23:08:32 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/10 23:08:32 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/10 23:04:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 23:04:04 | 2415,120,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 23:01:55 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 23:01:55 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 22:59:52 | 000,001,886 | ---- | M] () -- C:\Users\Tina\Desktop\Guard Online .lnk
[2011/10/10 22:52:28 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\Tina\DesktopWinsockxpFix.exe
[2011/10/10 22:52:20 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\Users\Tina\DesktopLSPFix.exe
[2011/10/10 22:52:18 | 000,036,864 | ---- | M] (Rock Systems & Development) -- C:\Users\Tina\DesktopSafeMSI.exe
[2011/10/10 22:26:21 | 000,222,316 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2011/10/10 22:25:55 | 003,042,304 | ---- | M] () -- C:\Windows\System32\YNNNtxxP0ucSib3.exe
[2011/10/10 22:14:17 | 000,000,000 | ---- | M] () -- C:\Windows\712404934
[2011/10/10 17:42:52 | 000,049,152 | ---- | M] () -- C:\Windows\System32\sname
[2011/10/10 17:39:56 | 000,049,152 | ---- | M] () -- C:\Windows\System32\mdhcp32.dll
[2011/10/10 17:27:41 | 003,042,304 | ---- | M] () -- C:\Windows\System32\q666sWJJ7.exe
[2011/10/10 16:59:42 | 004,253,235 | R--- | M] (Swearware) -- C:\Users\Tina\Desktop\ComboFix.exe
[2011/10/10 16:53:46 | 000,000,337 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/10/10 16:41:08 | 003,042,304 | ---- | M] () -- C:\Windows\System32\ottzNyc4K9hTUlr.exe
[2011/10/10 16:40:32 | 003,042,304 | ---- | M] () -- C:\Windows\System32\F11ivD33onFa.exe
[2011/10/10 16:39:39 | 003,042,304 | ---- | M] () -- C:\Windows\System32\GwkUeBP0yDon4m5.exe
[2011/10/10 16:38:16 | 000,001,213 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\ldr.ini
[2011/10/10 02:51:44 | 000,000,882 | RH-- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/09 23:47:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
[2011/10/09 23:45:48 | 000,748,643 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Tina\Desktop\explorer.exe
[2011/10/09 23:43:31 | 001,863,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/09 23:36:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/10/09 22:40:56 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/09 22:38:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\iexplore.exe
[2011/10/09 21:15:38 | 000,001,267 | ---- | M] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller.lnk
[2011/09/30 16:19:14 | 000,002,000 | ---- | M] () -- C:\Users\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/13 20:56:55 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/09/13 20:55:29 | 000,001,267 | ---- | M] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller Pro.lnk

========== Files Created - No Company Name ==========

[2011/10/10 23:08:47 | 000,147,652 | ---- | C] () -- C:\Users\Tina\Desktop\screen.png
[2011/10/10 22:25:55 | 003,042,304 | ---- | C] () -- C:\Windows\System32\YNNNtxxP0ucSib3.exe
[2011/10/10 17:42:32 | 000,049,152 | ---- | C] () -- C:\Windows\System32\sname
[2011/10/10 17:39:56 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mdhcp32.dll
[2011/10/10 17:27:41 | 003,042,304 | ---- | C] () -- C:\Windows\System32\q666sWJJ7.exe
[2011/10/10 17:02:36 | 000,001,886 | ---- | C] () -- C:\Users\Tina\Desktop\Guard Online .lnk
[2011/10/10 17:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\712404934
[2011/10/10 16:41:08 | 003,042,304 | ---- | C] () -- C:\Windows\System32\ottzNyc4K9hTUlr.exe
[2011/10/10 16:40:32 | 003,042,304 | ---- | C] () -- C:\Windows\System32\F11ivD33onFa.exe
[2011/10/10 16:39:39 | 003,042,304 | ---- | C] () -- C:\Windows\System32\GwkUeBP0yDon4m5.exe
[2011/10/09 23:36:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/10/09 22:35:43 | 000,001,213 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\ldr.ini
[2011/10/09 00:17:49 | 000,000,337 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/10/08 10:03:25 | 000,001,267 | ---- | C] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller.lnk
[2011/09/13 21:57:18 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/13 20:56:55 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/09/13 20:55:29 | 000,001,267 | ---- | C] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller Pro.lnk
[2011/07/25 11:47:28 | 000,000,075 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2010/12/12 23:25:59 | 000,000,248 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010/12/12 23:25:41 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010/12/12 23:23:55 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/12/29 23:07:20 | 000,007,618 | ---- | C] () -- C:\Users\Tina\AppData\Local\Resmon.ResmonCfg
[2009/12/22 21:27:50 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SUGO3l3.dll
[2009/12/21 01:12:32 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/12/21 01:12:32 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/12/20 18:40:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 001,863,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files\ReadMe.htm

========== LOP Check ==========

[2011/10/10 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0
[2011/10/10 17:02:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\bFms7KRhwUltPcu
[2011/10/04 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BITS
[2010/04/26 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Canon
[2011/10/10 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\CCekIVrzOyAuSiF
[2011/10/10 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Cua
[2011/03/28 23:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Design Science
[2011/09/13 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Downloaded Installations
[2011/10/09 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Dropbox
[2011/07/25 12:41:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Eltima Software
[2010/12/12 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGet
[2010/12/12 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGetBHO
[2011/10/10 22:15:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\lciDGm6JEgqCUlt
[2011/10/10 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mmH5sQJ7dKgZhXj
[2011/10/10 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mnG5aQH6dKfLgXj
[2011/08/01 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Nitro PDF
[2011/09/13 21:50:25 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Octoshape
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pHddWffR9XqCVOt
[2010/09/26 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PPlive
[2011/09/13 21:50:26 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PPStream
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pQHH6dW7RL9gXjC
[2011/10/10 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\QycA1ivD2n4
[2011/02/21 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\RayV
[2011/10/10 22:15:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\rEL8gTZqhCkVlBx
[2011/10/10 22:15:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\tGQdKhwCBNAS3df
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\TVVrzNtxA0uS
[2011/10/10 17:02:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\UwkIVrlONx0c1b3
[2011/10/10 17:02:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\WibD3onG4m6W7E8
[2011/10/10 17:02:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Wms6Ef9XUeIrNxu
[2011/10/10 22:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Xaole
[2011/10/10 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\XL9gTZqjCk
[2011/10/10 22:26:10 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\712404934:965773781.exe
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:37A3705D

< End of report >

Thanks
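The log above is long, and a helper reads it by looking for a handful of patterns. As an added example (not OTL's own code and not from this thread), the script below applies those patterns to lines copied from the log: HOSTS entries that point a real domain at a routable address, O4 autoruns whose binary carries no company name, orphaned services and autoruns ("File not found"), and alternate data streams that hold an executable. The two benign lines in the sample and the rule names are constructed for the example.

```python
"""Triage an OTL log for the indicators visible in the log posted above.

Added example (not OTL's own code, not from the thread): each line is matched
against a few heuristics and returned as a Finding, so a reader can see at a
glance which entries deserve attention before a fix script is written.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the OTL log posted above, plus two
# benign lines (the localhost HOSTS entry and a named AMD service) so the
# rules have something to ignore.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (BrowserSeek Service)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
O1 - Hosts: 95.64.61.143 www.google.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
O4 - HKLM..\Run: [ZnnGG4aamH6WJfE8234A] C:\Windows\System32\YNNNtxxP0ucSib3.exe ()
O4 - HKCU..\Run: [{0AC2812E-94E6-5E97-7142-5041BC926A9B}] C:\Users\Tina\AppData\Roaming\Cua\wuhitak.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
@Alternate Data Stream - 784 bytes -> C:\Windows\712404934:965773781.exe
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
"""


@dataclass
class Finding:
    severity: str  # "high" or "low"
    rule: str
    line: str


# Line shapes as OTL prints them: "O1 - Hosts: <ip> <host>",
# "O4 - HKLM..\Run: [<name>] <path> (<company>)" or "... <path> File not found",
# "SRV - File not found ... -- (<service>)", and "@Alternate Data Stream ... <path>:<stream>".
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(
    r"^O4 - (?:HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)\s+"
    r"(?P<company>\([^)]*\)|File not found)$")
SRV_MISSING_RE = re.compile(r"^SRV - File not found .* -- \((?P<name>[^)]+)\)$")
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd")


def is_sinkhole(ip_text: str) -> bool:
    """True for loopback/unspecified addresses (127.0.0.1, ::1, 0.0.0.0), which
    legitimate HOSTS entries and ad-blocking lists use. Anything else routes
    the name to a real host, which is what the google/bing entries above do."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None when no rule fires."""
    m = HOSTS_RE.match(line)
    if m:
        if not is_sinkhole(m.group("ip")):
            return Finding("high", "hosts-redirect", line)
        return None
    m = RUN_RE.match(line)
    if m:
        if m.group("company") == "File not found":
            return Finding("low", "orphaned-autorun", line)  # leftover; target is gone
        if m.group("company") == "()":
            # OTL prints "()" when the binary has no company name in its version
            # info; combined with a random-looking name this matches the
            # autoruns in the log above.
            return Finding("high", "no-company-autorun", line)
        return None
    if SRV_MISSING_RE.match(line):
        return Finding("low", "orphaned-service", line)
    m = ADS_RE.match(line)
    if m and m.group("stream").lower().endswith(EXEC_EXT):
        return Finding("high", "ads-executable", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every rule over every non-blank line of an OTL log."""
    return [f for f in (check_line(l.rstrip()) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:4}] {f.rule:18} {f.line}")
    print(summarize(results))
```

Feed it a whole OTL log with `triage(open("OTL.Txt").read())`; the rules are deliberately narrow, so a clean result only means none of these four patterns appeared, not that the log is clean.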
#17
hutina (Member, Topic Starter, 47 posts)
Yup, I still see CA listed :)

#18
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
There are still two CA services on your system. Let's remove them with OTL. Restart your system after this step and run Combofix. It should start this time.

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/10/07 15:35:12 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
    SRV - [2011/10/07 15:35:11 | 000,206,152 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0

#19
hutina

    Member

  • Topic Starter
  • 47 posts
First of all, thank you so much for the quick responses.
Ran OTL, rebooted the computer in normal mode, proceeded with Combofix: same exact problem.
Restarted once more in safe mode; still couldn't continue with Combofix due to CA Anti-Virus, same exact message.
Here's the new log from OTL:
OTL logfile created on: 10/10/2011 11:38:11 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tina\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 81.55% Memory free
6.00 Gb Paging File | 5.46 Gb Available in Paging File | 91.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 151.72 Gb Free Space | 52.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.44% Space Free | Partition Type: NTFS

Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 23:47:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (BrowserSeek Service)
SRV - [2011/09/21 01:27:04 | 000,366,408 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/06/07 18:35:12 | 001,775,432 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/28 01:21:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/31 15:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Users\Tina\AppData\Local\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Users\Tina\AppData\Local\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/03/02 15:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,zh-CN;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C F6 B3 86 C5 86 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..keyword.URL: "http://www.browserse...skGG&keywords="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tina\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 16:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/09 23:31:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tina\AppData\Roaming\Move Networks [2010/01/18 11:08:50 | 000,000,000 | ---D | M]

[2009/12/20 20:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2011/10/02 09:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\extensions
[2010/12/13 16:38:28 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/10/09 20:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/09 20:28:01 | 000,000,000 | ---D | M] (BrowserSeek) -- C:\Program Files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}
[2010/04/29 00:04:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/22 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{C6128004-4838-4708-9A97-BB172D17767D}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\[email protected]
[2011/09/30 16:19:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/16 15:39:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/10 02:51:44 | 000,000,882 | RH-- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 95.64.61.143 www.google.com
O1 - Hosts: 95.64.61.144 www.bing.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tina\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
O4 - HKLM..\Run: [ZnnGG4aamH6WJfE8234A] C:\Windows\System32\YNNNtxxP0ucSib3.exe ()
O4 - HKCU..\Run: [{0AC2812E-94E6-5E97-7142-5041BC926A9B}] C:\Users\Tina\AppData\Roaming\Cua\wuhitak.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc....afeControls.cab (AxSubmitControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://download.ppli...pluginsetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F591307-4E32-498D-AD4C-D7BD8EE92AF9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\IG5aQJ6dW8R9
[2011/10/10 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\dlIBrzPNyAuSoFp
[2011/10/10 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\mnG5aQH6dKfLgXj
[2011/10/10 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\CCekIVrzOyAuSiF
[2011/10/10 22:52:28 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\Tina\DesktopWinsockxpFix.exe
[2011/10/10 22:52:20 | 000,186,368 | ---- | C] (CEXX.ORG) -- C:\Users\Tina\DesktopLSPFix.exe
[2011/10/10 22:52:18 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Users\Tina\DesktopSafeMSI.exe
[2011/10/10 22:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CA-SupportBridge
[2011/10/10 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\QycA1ivD2n4
[2011/10/10 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\mmH5sQJ7dKgZhXj
[2011/10/10 22:15:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\rEL8gTZqhCkVlBx
[2011/10/10 22:15:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\XL9gTZqjCk
[2011/10/10 22:15:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\tGQdKhwCBNAS3df
[2011/10/10 22:15:34 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0
[2011/10/10 22:15:33 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\lciDGm6JEgqCUlt
[2011/10/10 22:09:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/10 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Xaole
[2011/10/10 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Cua
[2011/10/10 17:13:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\WindowsVerifierUpdate.dll
[2011/10/10 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\WibD3onG4m6W7E8
[2011/10/10 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\UwkIVrlONx0c1b3
[2011/10/10 17:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Wms6Ef9XUeIrNxu
[2011/10/10 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\bFms7KRhwUltPcu
[2011/10/10 17:00:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/10 16:59:29 | 004,253,235 | R--- | C] (Swearware) -- C:\Users\Tina\Desktop\ComboFix.exe
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\TVVrzNtxA0uS
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\pQHH6dW7RL9gXjC
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\pHddWffR9XqCVOt
[2011/10/09 23:47:38 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
[2011/10/09 23:45:46 | 000,748,643 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Tina\Desktop\explorer.exe
[2011/10/09 23:36:37 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/10/09 23:36:37 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/10/09 23:36:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/09 23:09:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/09 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/09 22:38:38 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\iexplore.exe
[2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
[2011/10/09 21:21:16 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/10/09 20:56:50 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/09 20:41:49 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\ElevatedDiagnostics
[2011/10/09 20:25:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/13 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\VS Revo Group
[2011/09/13 20:56:55 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/09/13 20:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/13 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

========== Files - Modified Within 30 Days ==========

[2011/10/10 23:37:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 23:37:31 | 2415,120,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 23:35:39 | 000,001,874 | ---- | M] () -- C:\Users\Tina\Desktop\Guard Online .lnk
[2011/10/10 23:08:47 | 000,147,652 | ---- | M] () -- C:\Users\Tina\Desktop\screen.png
[2011/10/10 23:08:32 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/10 23:08:32 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/10 23:01:55 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 23:01:55 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 22:52:28 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\Tina\DesktopWinsockxpFix.exe
[2011/10/10 22:52:20 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\Users\Tina\DesktopLSPFix.exe
[2011/10/10 22:52:18 | 000,036,864 | ---- | M] (Rock Systems & Development) -- C:\Users\Tina\DesktopSafeMSI.exe
[2011/10/10 22:26:21 | 000,222,316 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2011/10/10 22:25:55 | 003,042,304 | ---- | M] () -- C:\Windows\System32\YNNNtxxP0ucSib3.exe
[2011/10/10 22:14:17 | 000,000,000 | ---- | M] () -- C:\Windows\712404934
[2011/10/10 17:42:52 | 000,049,152 | ---- | M] () -- C:\Windows\System32\sname
[2011/10/10 17:39:56 | 000,049,152 | ---- | M] () -- C:\Windows\System32\mdhcp32.dll
[2011/10/10 17:27:41 | 003,042,304 | ---- | M] () -- C:\Windows\System32\q666sWJJ7.exe
[2011/10/10 16:59:42 | 004,253,235 | R--- | M] (Swearware) -- C:\Users\Tina\Desktop\ComboFix.exe
[2011/10/10 16:53:46 | 000,000,337 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/10/10 16:53:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/10/10 16:41:08 | 003,042,304 | ---- | M] () -- C:\Windows\System32\ottzNyc4K9hTUlr.exe
[2011/10/10 16:40:32 | 003,042,304 | ---- | M] () -- C:\Windows\System32\F11ivD33onFa.exe
[2011/10/10 16:39:39 | 003,042,304 | ---- | M] () -- C:\Windows\System32\GwkUeBP0yDon4m5.exe
[2011/10/10 16:38:16 | 000,001,213 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\ldr.ini
[2011/10/10 02:51:44 | 000,000,882 | RH-- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/09 23:47:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
[2011/10/09 23:45:48 | 000,748,643 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Tina\Desktop\explorer.exe
[2011/10/09 23:43:31 | 001,863,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/09 23:36:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/10/09 22:40:56 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/09 22:38:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\iexplore.exe
[2011/10/09 21:15:38 | 000,001,267 | ---- | M] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller.lnk
[2011/09/30 16:19:14 | 000,002,000 | ---- | M] () -- C:\Users\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/13 20:56:55 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/09/13 20:55:29 | 000,001,267 | ---- | M] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller Pro.lnk

========== Files Created - No Company Name ==========

[2011/10/10 23:08:47 | 000,147,652 | ---- | C] () -- C:\Users\Tina\Desktop\screen.png
[2011/10/10 22:25:55 | 003,042,304 | ---- | C] () -- C:\Windows\System32\YNNNtxxP0ucSib3.exe
[2011/10/10 17:42:32 | 000,049,152 | ---- | C] () -- C:\Windows\System32\sname
[2011/10/10 17:39:56 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mdhcp32.dll
[2011/10/10 17:27:41 | 003,042,304 | ---- | C] () -- C:\Windows\System32\q666sWJJ7.exe
[2011/10/10 17:02:36 | 000,001,874 | ---- | C] () -- C:\Users\Tina\Desktop\Guard Online .lnk
[2011/10/10 17:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\712404934
[2011/10/10 16:41:08 | 003,042,304 | ---- | C] () -- C:\Windows\System32\ottzNyc4K9hTUlr.exe
[2011/10/10 16:40:32 | 003,042,304 | ---- | C] () -- C:\Windows\System32\F11ivD33onFa.exe
[2011/10/10 16:39:39 | 003,042,304 | ---- | C] () -- C:\Windows\System32\GwkUeBP0yDon4m5.exe
[2011/10/09 23:36:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/10/09 22:35:43 | 000,001,213 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\ldr.ini
[2011/10/09 00:17:49 | 000,000,337 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/10/08 10:03:25 | 000,001,267 | ---- | C] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller.lnk
[2011/09/13 21:57:18 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/13 20:56:55 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/09/13 20:55:29 | 000,001,267 | ---- | C] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller Pro.lnk
[2011/07/25 11:47:28 | 000,000,075 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2010/12/12 23:25:59 | 000,000,248 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010/12/12 23:25:41 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010/12/12 23:23:55 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/12/29 23:07:20 | 000,007,618 | ---- | C] () -- C:\Users\Tina\AppData\Local\Resmon.ResmonCfg
[2009/12/22 21:27:50 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SUGO3l3.dll
[2009/12/21 01:12:32 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/12/21 01:12:32 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/12/20 18:40:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 001,863,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files\ReadMe.htm

========== LOP Check ==========

[2011/10/10 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0
[2011/10/10 17:02:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\bFms7KRhwUltPcu
[2011/10/04 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BITS
[2010/04/26 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Canon
[2011/10/10 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\CCekIVrzOyAuSiF
[2011/10/10 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Cua
[2011/03/28 23:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Design Science
[2011/10/10 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\dlIBrzPNyAuSoFp
[2011/09/13 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Downloaded Installations
[2011/10/09 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Dropbox
[2011/07/25 12:41:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Eltima Software
[2010/12/12 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGet
[2010/12/12 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGetBHO
[2011/10/10 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\IG5aQJ6dW8R9
[2011/10/10 22:15:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\lciDGm6JEgqCUlt
[2011/10/10 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mmH5sQJ7dKgZhXj
[2011/10/10 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mnG5aQH6dKfLgXj
[2011/08/01 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Nitro PDF
[2011/09/13 21:50:25 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Octoshape
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pHddWffR9XqCVOt
[2010/09/26 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PPlive
[2011/09/13 21:50:26 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PPStream
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pQHH6dW7RL9gXjC
[2011/10/10 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\QycA1ivD2n4
[2011/02/21 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\RayV
[2011/10/10 22:15:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\rEL8gTZqhCkVlBx
[2011/10/10 22:15:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\tGQdKhwCBNAS3df
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\TVVrzNtxA0uS
[2011/10/10 17:02:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\UwkIVrlONx0c1b3
[2011/10/10 17:02:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\WibD3onG4m6W7E8
[2011/10/10 17:02:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Wms6Ef9XUeIrNxu
[2011/10/10 22:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Xaole
[2011/10/10 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\XL9gTZqjCk
[2011/10/10 22:26:10 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\712404934:965773781.exe
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:37A3705D

< End of report >

Edited by hutina, 11 October 2011 - 12:54 AM.


#20 hutina (Topic Starter)
It's getting late...
So I am going to take a break from this and continue with it tomorrow.
Again, thank you so much for all your help.

#21 maliprog (Trusted Helper, Malware Removal)
Let's try it like this... After this step, try to run Combofix again.

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/10/10 22:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CA-SupportBridge
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Post the fix log it produces in your next reply; you can also find it in C:\_OTL\MovedFiles


#22 hutina (Topic Starter)
Still not working... Combofix is unable to run.
I am not sure if "guard online" is the one that's creating this uninstallation mess.
The program is not showing under Add/Remove or the Start menu --> Programs.
However, there still exists a CA folder under Program Files that holds all the CA anti-virus files, and I am not able to delete them in normal or safe mode; I get the message that the program is currently in use.
And if I right-click on a file, the drop-down menu still has the option of running a virus scan using CA.
So it is not completely uninstalled.
And I tried to force uninstall again; it didn't work and gave me an error message.

Edited by hutina, 11 October 2011 - 05:21 PM.


#23 maliprog (Trusted Helper, Malware Removal)
We'll leave Combofix for one scan and try to run VRT. Maybe the infection is interfering with removing CA... could be...

Download Virus Removal Tool from here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#24 hutina (Topic Starter)
Had issues running Virus Removal Tool as well.

Something very strange happened during one scan.
Kaspersky prompted me to reboot upon completion because the removal of one particular threat required it.
I OK'd that, and a second Kaspersky popup window appeared and was running a different scan (sorry, didn't do a screen cap), but it is the "online guard" program running. The computer rebooted after that and I had to start a new scan.
Sorry if this sounds very confusing.
So after several unsuccessful scans, I was finally able to finish.
Here's the log:
Status: Deleted (events: 3)
10/12/2011 7:39:16 PM Deleted Trojan program Trojan.Win32.Cossta.pyo C:\_OTL\MovedFiles\10102011_170049\C_Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe High
10/12/2011 7:39:17 PM Deleted Trojan program Trojan.Win32.FakeAV.emhb C:\_OTL\MovedFiles\10102011_170049\C_Windows\System32\C6EEK88fRZ9TXj.exe High
10/12/2011 7:39:17 PM Deleted Trojan program Trojan.Win32.FakeAV.emhb C:\_OTL\MovedFiles\10102011_170049\C_Windows\System32\T33ppmGG5.exe High
Only detected 3 on the last scan...

#25 hutina (Topic Starter)
And Windows Explorer is constantly running into the "stops working and restarting" issue.
It happens when I right-click files (but not every single time).
I am also including a screen shot of the CA folder under program files.

Attached: Untitled.png

Edited by hutina, 12 October 2011 - 09:31 PM.

#26 maliprog (Trusted Helper, Malware Removal)
Hi hutina,

VRT probably found an infection and tried to remove it after the restart...

Step 1

OK. Can you try to install CA again? After that, try to remove it from Control Panel Add/Remove Programs. Maybe this will work.

Step 2

  • Run OTL.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


#27 hutina (Topic Starter)
Installed and uninstalled; ran into the same uninstallation issue and had to force uninstall.
Here's the OTL log:
OTL logfile created on: 10/12/2011 11:19:35 PM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tina\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 71.19% Memory free
6.00 Gb Paging File | 5.11 Gb Available in Paging File | 85.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 152.03 Gb Free Space | 52.78% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.44% Space Free | Partition Type: NTFS

Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 23:47:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
PRC - [2011/09/21 01:27:04 | 000,366,408 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/06/07 18:35:12 | 001,775,432 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/06/07 18:34:54 | 002,404,680 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/05/28 03:24:38 | 000,206,152 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/31 15:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/28 15:54:10 | 000,411,048 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2010/02/10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (BrowserSeek Service)
SRV - [2011/09/21 01:27:04 | 000,366,408 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/06/07 18:35:12 | 001,775,432 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/05/28 03:24:38 | 000,206,152 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe -- (CAAMSvc)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/28 01:21:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/31 15:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Tina\AppData\Local\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Tina\AppData\Local\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/03/02 15:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,zh-CN;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C F6 B3 86 C5 86 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..keyword.URL: "http://www.browserse...skGG&keywords="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tina\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 16:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/09 23:31:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tina\AppData\Roaming\Move Networks [2010/01/18 11:08:50 | 000,000,000 | ---D | M]

[2009/12/20 20:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2011/10/02 09:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\extensions
[2010/12/13 16:38:28 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/10/09 20:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/09 20:28:01 | 000,000,000 | ---D | M] (BrowserSeek) -- C:\Program Files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}
[2010/04/29 00:04:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/22 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{C6128004-4838-4708-9A97-BB172D17767D}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\[email protected]
[2011/09/30 16:19:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/16 15:39:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/10 02:51:44 | 000,000,882 | RH-- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 95.64.61.143 www.google.com
O1 - Hosts: 95.64.61.144 www.bing.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tina\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe" File not found
O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc....afeControls.cab (AxSubmitControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://download.ppli...pluginsetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F591307-4E32-498D-AD4C-D7BD8EE92AF9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 23:08:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\winsflte.dl1
[2011/10/12 23:08:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\winsflt.dl1
[2011/10/12 22:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2011/10/12 22:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2011/10/12 20:12:14 | 000,000,000 | ---D | C] -- C:\Rbackup
[2011/10/12 20:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2011/10/12 20:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/10/12 06:47:53 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\P1uvD2obFpGsJdK
[2011/10/12 06:47:53 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\cRZ9hTXwjClBzNx
[2011/10/11 22:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/11 16:12:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\PDF Files
[2011/10/11 15:54:49 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\y8gRZ9hYXjV
[2011/10/11 15:54:49 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\N1ivD2onFpHsJd
[2011/10/11 15:30:22 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\lrlONtxP0c1b3n4
[2011/10/11 15:30:22 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\FmH6sWJ7fLgZhCk
[2011/10/10 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\IG5aQJ6dW8R9
[2011/10/10 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\dlIBrzPNyAuSoFp
[2011/10/10 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\mnG5aQH6dKfLgXj
[2011/10/10 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\CCekIVrzOyAuSiF
[2011/10/10 22:52:28 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\Tina\DesktopWinsockxpFix.exe
[2011/10/10 22:52:20 | 000,186,368 | ---- | C] (CEXX.ORG) -- C:\Users\Tina\DesktopLSPFix.exe
[2011/10/10 22:52:18 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Users\Tina\DesktopSafeMSI.exe
[2011/10/10 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\QycA1ivD2n4
[2011/10/10 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\mmH5sQJ7dKgZhXj
[2011/10/10 22:15:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\rEL8gTZqhCkVlBx
[2011/10/10 22:15:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\XL9gTZqjCk
[2011/10/10 22:15:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\tGQdKhwCBNAS3df
[2011/10/10 22:15:34 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0
[2011/10/10 22:15:33 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\lciDGm6JEgqCUlt
[2011/10/10 22:09:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/10 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Xaole
[2011/10/10 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Cua
[2011/10/10 17:13:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\WindowsVerifierUpdate.dll
[2011/10/10 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\WibD3onG4m6W7E8
[2011/10/10 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\UwkIVrlONx0c1b3
[2011/10/10 17:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Wms6Ef9XUeIrNxu
[2011/10/10 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\bFms7KRhwUltPcu
[2011/10/10 17:00:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/10 16:59:29 | 004,253,235 | R--- | C] (Swearware) -- C:\Users\Tina\Desktop\ComboFix.exe
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\TVVrzNtxA0uS
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\pQHH6dW7RL9gXjC
[2011/10/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\pHddWffR9XqCVOt
[2011/10/09 23:47:38 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
[2011/10/09 23:45:46 | 000,748,643 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Tina\Desktop\explorer.exe
[2011/10/09 23:36:37 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/10/09 23:36:37 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/10/09 23:36:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/09 23:09:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/09 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/09 22:38:38 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\iexplore.exe
[2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
[2011/10/09 21:21:16 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/10/09 20:56:50 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/09 20:41:49 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\ElevatedDiagnostics
[2011/10/09 20:25:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/13 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\VS Revo Group
[2011/09/13 20:56:55 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/09/13 20:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/13 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

========== Files - Modified Within 30 Days ==========

[2011/10/12 23:18:06 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 23:18:06 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 23:15:08 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/12 23:15:08 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/12 23:10:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 23:10:47 | 2415,120,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 20:30:03 | 000,075,763 | ---- | M] () -- C:\Users\Tina\Desktop\Untitled.png
[2011/10/12 20:11:29 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/10/11 22:43:08 | 098,286,136 | ---- | M] () -- C:\Users\Tina\Desktop\setup_11.0.0.1245.x01_2011_10_12_08_32.exe
[2011/10/10 22:52:28 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\Tina\DesktopWinsockxpFix.exe
[2011/10/10 22:52:20 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\Users\Tina\DesktopLSPFix.exe
[2011/10/10 22:52:18 | 000,036,864 | ---- | M] (Rock Systems & Development) -- C:\Users\Tina\DesktopSafeMSI.exe
[2011/10/10 22:26:21 | 000,222,316 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2011/10/10 22:14:17 | 000,000,000 | ---- | M] () -- C:\Windows\712404934
[2011/10/10 16:59:42 | 004,253,235 | R--- | M] (Swearware) -- C:\Users\Tina\Desktop\ComboFix.exe
[2011/10/10 16:38:16 | 000,001,213 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\ldr.ini
[2011/10/10 02:51:44 | 000,000,882 | RH-- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/09 23:47:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
[2011/10/09 23:45:48 | 000,748,643 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Tina\Desktop\explorer.exe
[2011/10/09 23:43:31 | 001,863,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/09 23:36:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/10/09 22:40:56 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/09 22:38:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\iexplore.exe
[2011/10/09 21:15:38 | 000,001,267 | ---- | M] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller.lnk
[2011/09/30 16:19:14 | 000,002,000 | ---- | M] () -- C:\Users\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/13 20:56:55 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/09/13 20:55:29 | 000,001,267 | ---- | M] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller Pro.lnk

========== Files Created - No Company Name ==========

[2011/10/12 20:30:03 | 000,075,763 | ---- | C] () -- C:\Users\Tina\Desktop\Untitled.png
[2011/10/12 20:11:29 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/10/11 22:41:39 | 098,286,136 | ---- | C] () -- C:\Users\Tina\Desktop\setup_11.0.0.1245.x01_2011_10_12_08_32.exe
[2011/10/10 17:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\712404934
[2011/10/09 23:36:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/10/09 22:35:43 | 000,001,213 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\ldr.ini
[2011/10/08 10:03:25 | 000,001,267 | ---- | C] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller.lnk
[2011/09/13 21:57:18 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/13 20:56:55 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/09/13 20:55:29 | 000,001,267 | ---- | C] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller Pro.lnk
[2011/07/25 11:47:28 | 000,000,075 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2010/12/12 23:25:59 | 000,000,248 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010/12/12 23:25:41 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010/12/12 23:23:55 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/12/29 23:07:20 | 000,007,618 | ---- | C] () -- C:\Users\Tina\AppData\Local\Resmon.ResmonCfg
[2009/12/22 21:27:50 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SUGO3l3.dll
[2009/12/21 01:12:32 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/12/21 01:12:32 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/12/20 18:40:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 001,863,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files\ReadMe.htm

========== LOP Check ==========

[2011/10/10 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0
[2011/10/10 17:02:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\bFms7KRhwUltPcu
[2011/10/04 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BITS
[2010/04/26 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Canon
[2011/10/10 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\CCekIVrzOyAuSiF
[2011/10/12 06:47:53 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\cRZ9hTXwjClBzNx
[2011/10/10 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Cua
[2011/03/28 23:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Design Science
[2011/10/10 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\dlIBrzPNyAuSoFp
[2011/09/13 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Downloaded Installations
[2011/10/09 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Dropbox
[2011/07/25 12:41:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Eltima Software
[2010/12/12 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGet
[2010/12/12 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGetBHO
[2011/10/11 15:30:22 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FmH6sWJ7fLgZhCk
[2011/10/10 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\IG5aQJ6dW8R9
[2011/10/10 22:15:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\lciDGm6JEgqCUlt
[2011/10/11 15:30:22 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\lrlONtxP0c1b3n4
[2011/10/10 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mmH5sQJ7dKgZhXj
[2011/10/10 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mnG5aQH6dKfLgXj
[2011/10/11 15:54:49 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\N1ivD2onFpHsJd
[2011/08/01 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Nitro PDF
[2011/09/13 21:50:25 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Octoshape
[2011/10/12 06:47:53 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\P1uvD2obFpGsJdK
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pHddWffR9XqCVOt
[2010/09/26 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PPlive
[2011/09/13 21:50:26 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PPStream
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pQHH6dW7RL9gXjC
[2011/10/10 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\QycA1ivD2n4
[2011/02/21 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\RayV
[2011/10/10 22:15:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\rEL8gTZqhCkVlBx
[2011/10/10 22:15:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\tGQdKhwCBNAS3df
[2011/10/10 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\TVVrzNtxA0uS
[2011/10/10 17:02:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\UwkIVrlONx0c1b3
[2011/10/10 17:02:38 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\WibD3onG4m6W7E8
[2011/10/10 17:02:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Wms6Ef9XUeIrNxu
[2011/10/10 22:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Xaole
[2011/10/10 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\XL9gTZqjCk
[2011/10/11 15:54:49 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\y8gRZ9hYXjV
[2011/10/10 22:26:10 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\712404934:965773781.exe
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:37A3705D

< End of report >

Thank you.
  • 0
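A small triage script for the LOP Check and Alternate Data Streams sections of the log above, added here as an example (it is not OTL's own code and not from anyone in this thread): it parses OTL's entry format, flags AppData\Roaming folders whose names look machine-generated by how often the name flips between upper case, lower case and digits, and lists the ADS entries. The length floor and the change-ratio threshold are assumptions picked to separate the random-looking names in this log from the product names beside them; the sample input is an excerpt of the log above.

```python
"""Triage helper for the 'LOP Check' and 'Alternate Data Streams' sections of an
OTL log: parse the entry format, flag AppData\\Roaming folders whose names look
machine-generated, and list every ADS the scanner reported."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry: "[date time | size | attrs | C/M] (company) -- path".
# The "(company)" part is absent on LOP Check directory lines.
OTL_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# One ADS line: "@Alternate Data Stream - N bytes -> host:stream".
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    stamp: str      # OTL timestamp exactly as written in the log
    size: int       # size in bytes (OTL prints it with thousands separators)
    attrs: str      # four-character attribute field, e.g. "---D" for a directory
    is_dir: bool
    path: str


def parse_otl_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file/directory line; return None for anything else."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(m["stamp"], int(m["size"].replace(",", "")), m["attrs"],
                 "D" in m["attrs"], m["path"])


def _char_class(c: str) -> str:
    if c.isdigit():
        return "d"
    if c.isupper():
        return "u"
    return "l" if c.islower() else "o"


def class_change_ratio(name: str) -> float:
    """Fraction of adjacent character pairs that switch between upper, lower and
    digit. Product names ("Octoshape", "FlashGetBHO") switch on few pairs;
    generated names ("aSi3FHWd8qXUlt0") switch on most of them."""
    if len(name) < 2:
        return 0.0
    classes = [_char_class(c) for c in name]
    changes = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return changes / (len(name) - 1)


def looks_generated(name: str, min_len: int = 10, min_ratio: float = 0.5) -> bool:
    """Heuristic, not a verdict: a bare alphanumeric name that is long and flips
    character class on at least half of its adjacent pairs. Both thresholds are
    assumptions tuned to the names in this log."""
    return name.isalnum() and len(name) >= min_len and class_change_ratio(name) >= min_ratio


def flag_lop_dirs(lines) -> List[str]:
    """Return the paths of LOP Check directories whose leaf name looks generated."""
    flagged = []
    for line in lines:
        e = parse_otl_entry(line)
        if e and e.is_dir:
            leaf = e.path.rstrip("\\").rsplit("\\", 1)[-1]
            if looks_generated(leaf):
                flagged.append(e.path)
    return flagged


def list_ads(lines) -> List[Tuple[int, str]]:
    """Return (size, host:stream) for every ADS line in the section."""
    out = []
    for line in lines:
        m = ADS_ENTRY.match(line.strip())
        if m:
            out.append((int(m["size"]), m["path"]))
    return out


# Excerpt of the OTL log posted above (copied from it, not invented).
SAMPLE_LOG = r"""
[2011/10/10 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0
[2010/04/26 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Canon
[2011/10/10 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\CCekIVrzOyAuSiF
[2011/10/10 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Cua
[2011/09/13 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Downloaded Installations
[2010/12/12 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGetBHO
[2011/10/10 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\XL9gTZqjCk
[2011/10/10 22:26:10 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
@Alternate Data Stream - 784 bytes -> C:\Windows\712404934:965773781.exe
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:37A3705D
"""

if __name__ == "__main__":
    for p in flag_lop_dirs(SAMPLE_LOG.splitlines()):
        print("generated-looking folder:", p)
    for size, p in list_ads(SAMPLE_LOG.splitlines()):
        print(f"alternate data stream ({size} bytes):", p)
```

On the excerpt it flags the three random-looking folders and leaves Canon, FlashGetBHO and "Downloaded Installations" alone; fed the whole LOP Check section it surfaces the two dozen similar names that were all modified between 10 and 12 October, which is the pattern that section exists to expose. Names under the length floor (Cua, for instance) are not scored, so sort those by timestamp instead, and treat the list as a sorting aid for the helper rather than a verdict. The first ADS entry, a stream with a numeric .exe name attached to C:\Windows, is the kind of item a helper will usually want to see called out separately.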

#28
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
We are having a bigger problem with the antivirus software than with the malware itself :).

We need to work around it. Please install CA again, but this time we will use Revo Uninstaller to remove it from your PC. If you have any questions while running Revo Uninstaller, please ask.

Let's try this:

  • Download Revo Uninstaller (free edition) from here
  • Save the file to your Desktop
  • Double click the file to open and install it
  • Find the programs you wish to remove and double click them to begin the removal process
  • Make sure you do the advanced uninstall as it removes the whole program

  • 0

#29
hutina
    Member
  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Should I proceed with ComboFix?
  • 0

#30
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
If you manage to remove CA, please run ComboFix as I described before. Post the log after the scan.
  • 0
