
XP security 2012 virus + internet connection problems [Solved]



#1 smtzl (Member, 21 posts)
Hello,
I have a laptop that caught the XP Security 2012 virus. I ran several virus removal programs and I believe I have removed the infection.
List of malware programs I ran, roughly in this order:

Kaspersky Virus Removal Tool (found some malware and removed)
Malwarebytes Anti-Malware (found lots of malware and removed)
TDSSKiller
ComboFix (found some malware "attached to TCP/IP stack" and removed)
IObit Malware Fighter (found one malware and removed)
SUPERAntiSpyware
Avast Antivirus

After all this I found I could not get an IP address (RPC service error). I found out the RPC service would not start, because the DHCP service would not start, because the AFD service was missing. I fixed the AFD registry and now I get a correct IP address but I still can't connect to the internet. I tried:

"sfc /scannow" to fix missing Windows files
"netsh int ip reset c:\resetlog.txt"
Deleting and reinstalling Winsock and Winsock2 and the TCP/IP protocol.

I also ran "tweaking.com windows repair" to clean up the registry. No luck so far. I am trying to avoid reinstalling Windows. Any help would be appreciated. Thanks.



OTL logfile created on: 1/6/2012 6:21:09 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kristina\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

1015.05 Mb Total Physical Memory | 542.03 Mb Available Physical Memory | 53.40% Memory free
2.89 Gb Paging File | 2.44 Gb Available in Paging File | 84.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.15 Gb Total Space | 58.06 Gb Free Space | 74.30% Space Free | Partition Type: NTFS
Drive D: | 70.87 Gb Total Space | 70.29 Gb Free Space | 99.19% Space Free | Partition Type: NTFS

Computer Name: KRISTY | User Name: Kristina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kristina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\11112801\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11112801\aswRep.dll ()
MOD - C:\Program Files\IObit\IObit Malware Fighter\Scan.dll ()
MOD - C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll ()
MOD - C:\Program Files\IObit\IObit Malware Fighter\unrar.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (PSEXESVC) -- C:\WINDOWS\PSEXESVC.EXE (Sysinternals)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys ()
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys (IObit.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1142338
IE - HKCU\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic English Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {930f1200-f5f1-4870-bac6-e233ec8e7023}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..keyword.URL: "http://search.condui...d=CT1142338&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.10.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "192.168.10.1"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "192.168.10.1"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.168.10.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.10.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "192.168.10.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.10.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.10.1"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/22 01:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 01:11:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 01:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/09/21 09:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Extensions
[2011/12/24 22:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions
[2009/10/08 09:04:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/17 09:42:05 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2010/01/20 11:14:44 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\searchplugins\conduit.xml
[2011/01/17 10:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/22 01:11:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/07/30 19:04:12 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2011/07/30 19:04:12 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2011/07/30 19:04:12 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2011/07/30 19:04:13 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2011/07/30 19:04:13 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2011/07/30 19:04:13 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Kristina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: H\u013Eada\u0165 v Google = C:\Documents and Settings\Kristina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Kristina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Kristina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/04 07:15:25 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pre aplikáciu Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kristina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kristina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/17 00:26:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 06:30:17 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2012/01/05 06:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Desktop\tweaking.com_windows_repair_aio
[2012/01/05 05:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
[2012/01/05 05:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2012/01/05 03:27:58 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/01/05 03:27:50 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/01/05 03:27:14 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/01/05 03:27:04 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/01/05 03:26:07 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/01/05 03:25:58 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/01/05 03:25:35 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/01/05 03:24:47 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/01/05 03:24:05 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/01/05 03:23:57 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/01/05 03:23:48 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/01/05 03:23:36 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/01/05 03:23:26 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/01/05 03:23:15 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/01/05 03:23:06 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/01/05 03:22:21 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/01/05 03:21:44 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/01/05 03:21:35 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/01/05 03:21:27 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/01/05 03:21:08 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/01/05 03:20:15 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/01/05 03:19:42 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/01/05 03:19:34 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/01/05 03:18:53 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/01/05 03:18:44 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/01/05 03:18:35 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/01/05 03:18:26 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/01/05 03:18:18 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/01/05 03:18:09 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/01/05 03:16:56 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/01/05 03:16:43 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/01/05 03:16:35 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/01/05 03:16:31 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/01/05 03:16:19 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/01/05 03:16:11 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/01/05 03:15:35 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/01/05 03:15:28 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/01/05 03:13:46 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/01/05 03:13:38 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/01/05 03:13:31 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/01/05 03:13:22 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/01/05 03:13:09 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/01/05 03:12:18 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/01/05 03:11:03 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/01/05 03:10:54 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/01/05 03:10:45 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/01/05 03:10:38 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/01/05 03:10:30 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/01/05 03:09:21 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/01/05 03:09:14 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/01/05 03:09:06 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/01/05 03:08:50 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/01/05 03:07:40 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/01/05 03:07:33 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/01/05 03:07:25 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/01/05 03:07:16 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/01/05 03:06:11 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/01/05 03:05:54 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/01/05 03:05:47 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/01/05 03:05:12 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/01/05 03:05:05 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/01/05 03:04:58 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/01/05 03:04:51 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/01/05 03:04:44 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/01/05 03:04:37 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/01/05 03:04:30 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/01/05 03:04:23 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/01/05 03:04:16 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/01/05 03:03:59 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/01/05 03:03:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/01/05 03:03:48 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/01/05 03:03:46 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/01/05 03:03:17 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/01/05 03:03:03 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/01/05 03:02:54 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/01/05 03:02:43 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/01/05 03:02:05 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/01/05 03:01:57 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/01/05 03:00:47 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/01/05 03:00:39 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/01/05 03:00:33 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/01/05 03:00:05 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/01/05 02:58:17 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/01/05 02:57:49 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/01/05 02:57:47 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/01/05 02:57:40 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/01/05 02:56:09 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/01/05 02:56:02 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/01/05 02:55:55 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/01/05 02:55:47 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/01/05 02:54:55 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/01/05 02:54:26 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/01/05 02:54:19 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/01/05 02:54:08 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/01/05 02:53:45 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/01/05 02:53:39 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/01/05 02:53:20 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/01/05 02:53:13 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/01/05 02:53:07 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/01/05 02:53:00 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/01/05 02:52:54 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/01/05 02:52:48 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/01/05 02:52:28 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/01/05 02:52:22 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/01/05 02:52:16 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/01/05 02:52:09 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/01/05 02:52:03 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/01/05 02:50:01 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/01/05 02:48:47 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/01/05 02:48:00 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/01/05 02:47:54 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/01/05 02:47:50 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/01/05 02:47:44 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/01/05 02:47:43 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/01/05 02:47:37 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/01/05 02:47:18 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/01/05 02:47:12 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/01/05 02:47:05 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/01/05 02:46:59 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/01/05 02:46:49 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/01/05 02:46:42 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/01/05 02:44:44 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/01/05 02:43:24 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/01/05 02:39:36 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/01/05 02:39:16 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/01/05 02:38:13 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/01/05 02:38:08 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/01/05 02:38:03 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/01/05 02:37:29 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/01/05 02:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/01/03 07:35:23 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/03 07:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/01/03 07:35:22 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/03 07:35:20 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/03 07:35:19 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/03 07:35:19 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/03 07:35:18 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/03 07:35:18 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/03 07:35:17 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/03 07:34:53 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/03 07:34:53 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/03 07:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/03 07:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/03 06:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2012/01/03 06:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Application Data\IObit
[2012/01/03 06:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/03 05:59:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kristina\Desktop\OTL.exe
[2012/01/03 05:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Application Data\PriceGong
[2012/01/03 04:30:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/03 01:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/02 23:18:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/02 23:18:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/01/02 21:23:16 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/01/02 21:23:09 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/01/02 21:22:05 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/01/02 21:21:57 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/01/02 21:21:53 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/01/02 21:21:37 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/01/02 21:19:22 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/01/02 21:19:06 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/01/02 21:19:01 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/01/02 21:13:58 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/01/02 21:13:47 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/01/02 21:13:01 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/01/02 21:12:56 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/01/02 21:12:54 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/01/02 21:12:41 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/01/02 21:12:37 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/01/02 21:12:34 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/01/02 21:12:30 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/01/02 21:11:49 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/01/02 21:09:35 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/01/02 21:09:32 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/01/02 21:09:03 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/01/02 21:05:58 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/01/02 21:05:56 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/01/02 21:05:53 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/01/02 21:05:51 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/01/02 21:05:49 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/01/02 21:05:46 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/01/02 21:05:44 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/01/02 21:05:40 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/01/02 21:05:23 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/01/02 21:04:57 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/01/02 21:04:41 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/01/02 21:03:34 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/01/02 21:03:33 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/01/02 21:03:31 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/01/02 21:03:29 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/01/02 21:03:28 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/01/02 21:03:23 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/01/02 21:03:21 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/01/02 21:03:20 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/01/02 21:03:18 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/01/02 21:03:14 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/01/02 21:03:12 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/01/02 20:54:46 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/01/02 20:54:45 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/01/02 20:54:44 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/01/02 20:54:43 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/01/02 20:54:42 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/01/02 20:54:40 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/01/02 20:54:39 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/01/02 20:54:37 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/01/02 20:54:35 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/01/02 20:54:33 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/01/02 20:54:32 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/01/02 20:54:30 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/01/02 20:54:29 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/01/02 20:54:27 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/01/02 20:54:26 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/01/02 20:54:24 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/01/02 20:54:23 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/01/02 20:54:22 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/01/02 20:54:14 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/01/02 20:54:07 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/01/02 20:54:06 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/01/02 20:54:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/01/02 20:54:02 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/01/02 20:54:01 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/01/02 20:54:00 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/01/02 20:53:59 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/01/02 20:52:02 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/01/02 20:51:42 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/01/02 20:50:32 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/01/02 20:50:30 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/01/02 20:50:29 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/01/02 20:50:28 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/01/02 20:50:27 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/01/02 20:50:22 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/01/02 20:50:08 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/01/02 20:50:05 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/01/02 20:49:56 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/01/02 20:49:55 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/01/02 20:49:54 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/12/25 04:18:00 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/12/25 04:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Application Data\Malwarebytes
[2011/12/25 04:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/25 04:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/25 04:12:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/25 04:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/22 01:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Local Settings\Application Data\Real
[2011/12/22 01:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/22 01:10:49 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/22 01:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/12/22 01:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/12/22 01:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Application Data\Real
[2011/12/22 01:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/12/22 01:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
[2011/12/21 21:44:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kristina\Start Menu\Programs\Administrative Tools
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/06 06:19:11 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/06 06:17:46 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/06 06:17:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/06 06:16:39 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3709148111-546900630-982799846-1006.job
[2012/01/06 06:16:17 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/06 06:15:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 02:40:33 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2012/01/05 06:05:29 | 000,445,230 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 06:05:29 | 000,073,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 01:21:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 01:13:01 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3709148111-546900630-982799846-1006.job
[2012/01/04 07:15:25 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/03 07:35:23 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/03 07:35:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/03 06:28:55 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2012/01/03 05:57:53 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/02 21:35:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 20:52:58 | 000,000,180 | -HS- | M] () -- C:\WINDOWS\2907871drv.spi
[2012/01/02 13:54:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristina\Desktop\OTL.exe
[2011/12/24 23:43:17 | 000,011,860 | -HS- | M] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\4c80yc2q23e655
[2011/12/24 23:43:17 | 000,011,860 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4c80yc2q23e655
[2011/12/24 22:35:12 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\WebpageIcons.db
[2011/12/22 01:10:49 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/22 01:08:55 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/18 15:30:42 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Kristina\Desktop\Skype.lnk
[2011/12/16 14:22:00 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/11 03:13:45 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Kristina\Desktop\Microsoft Office Word 2007.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 03:27:49 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/01/05 03:27:40 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/01/05 03:00:21 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/01/05 03:00:12 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/01/05 02:59:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/01/05 02:50:21 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/01/05 02:46:32 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/01/05 02:43:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/01/05 02:43:50 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/01/05 02:43:40 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/01/05 02:41:40 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/01/05 02:39:31 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/01/05 02:39:21 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/01/05 02:39:11 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/01/05 02:39:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/01/05 02:38:50 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/01/05 02:38:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/01/03 07:35:23 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/03 06:28:55 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2012/01/02 21:12:51 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/01/02 21:12:48 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/01/02 21:12:44 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/01/02 21:04:40 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/01/02 20:53:13 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/01/02 20:53:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/01/02 20:53:09 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/01/02 20:53:04 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/01/02 20:53:02 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/01/02 20:53:00 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/01/02 20:52:59 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/01/02 20:52:58 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/01/02 20:52:58 | 000,000,180 | -HS- | C] () -- C:\WINDOWS\2907871drv.spi
[2012/01/02 20:52:55 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/01/02 20:52:31 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/01/02 19:53:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/24 22:35:07 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\WebpageIcons.db
[2011/12/22 02:48:14 | 000,011,860 | -HS- | C] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\4c80yc2q23e655
[2011/12/22 02:48:14 | 000,011,860 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4c80yc2q23e655
[2011/12/22 01:13:59 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3709148111-546900630-982799846-1006.job
[2011/12/22 01:13:56 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3709148111-546900630-982799846-1006.job
[2011/12/22 01:08:55 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/22 01:07:49 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/22 01:07:49 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/28 15:57:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2011/08/28 15:57:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Schema
[2011/08/28 15:57:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SupportPrinters
[2011/08/28 15:57:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kristina\Application Data\Strings
[2011/08/28 15:57:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kristina\Application Data\String Ensemble
[2011/08/28 15:57:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kristina\Application Data\String Comparison
[2011/08/28 15:57:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/08/28 15:57:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/08/28 15:57:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/06/18 11:22:59 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2009/09/29 17:29:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/21 09:30:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/16 21:20:29 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/09/16 21:20:29 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2DCBD1C184.sys
[2009/09/16 17:13:24 | 000,025,262 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/16 17:13:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/09/12 00:18:44 | 000,010,760 | ---- | C] () -- C:\Documents and Settings\Kristina\Application Data\wklnhst.dat
[2009/09/11 23:56:53 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 23:40:35 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\fusioncache.dat
[2009/03/18 03:29:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/18 03:23:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2009/03/17 04:09:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2009/03/17 04:09:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2009/03/17 04:01:13 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/03/17 04:01:13 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/03/17 00:28:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/17 00:24:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/16 23:09:39 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/03/16 23:09:29 | 000,445,230 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/16 23:09:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/03/16 23:09:29 | 000,073,106 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/16 23:09:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/03/16 23:09:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/16 23:09:28 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/03/16 23:09:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/03/16 23:09:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/03/16 23:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/03/16 23:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/03/16 23:09:23 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/03/16 23:09:21 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/03/16 16:18:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/16 16:17:20 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/15 02:12:56 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2008/08/28 04:10:24 | 000,000,173 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
[2008/07/31 03:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini

========== LOP Check ==========

[2011/08/28 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ambience
[2011/08/28 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applause and Laugher
[2011/08/28 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Units
[2012/01/03 07:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/09/11 23:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ECAP
[2011/08/28 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/12 08:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/03 07:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/08/28 19:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/08/28 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2012/01/03 06:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristina\Application Data\IObit
[2012/01/06 02:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristina\Application Data\PriceGong
[2009/09/22 11:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristina\Application Data\Template
[2011/07/25 08:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristina\Application Data\Thinstall

========== Purity Check ==========



< End of report >
  • 0

#2
smtzl

    Member

  • Topic Starter
  • Member
  • 21 posts
Well I ran GMER and it found some more malware. No other programs found these.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-09 05:40:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303
Running: 9h8ndlbc.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdqpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#3
Gammo (Malware Removal)

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1142338
    IE - HKCU\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic English Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1142338&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {930f1200-f5f1-4870-bac6-e233ec8e7023}:2.5.6.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q="
    [2010/05/17 09:42:05 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
    [2010/01/20 11:14:44 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\searchplugins\conduit.xml
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)
    [2012/01/03 05:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Application Data\PriceGong
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2011/12/22 01:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
    [2012/01/02 20:52:58 | 000,000,180 | -HS- | M] () -- C:\WINDOWS\2907871drv.spi
    [2011/12/24 23:43:17 | 000,011,860 | -HS- | M] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\4c80yc2q23e655
    [2011/12/24 23:43:17 | 000,011,860 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4c80yc2q23e655
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Softonic_English
    C:\Program Files\ConduitEngine
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
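The OTL entries the fix script above targets all share one line format: a timestamp, a size, four attribute slots (R, H, S, D) and an M/C marker, then an optional company name and the path. As an added example (not part of this thread and not OTL's own code), here is a small Python parser for that line format together with two triage rules mirroring what the script singled out: hidden+system files (the -HS- entries) and files with no publisher information under a user's profile. The sample lines are copied from the logs in this thread, plus one constructed benign entry and one header line; the function names, the USER_DATA_ROOTS list and the triage rules are my own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL writes one line per file or folder, in the shape seen throughout this
# thread, for example:
#   [2011/12/24 23:43:17 | 000,011,860 | -HS- | M] () -- C:\...\4c80yc2q23e655
#   [2011/08/28 15:57:17 | 000,000,000 | ---D | M] -- C:\...\Ambience
# Field 2 is the size with thousands separators; field 3 holds four attribute
# slots (R, H, S, D) with '-' meaning "not set"; field 4 is M (modified) or
# C (created). The parenthesised company/product name is absent on bare
# folder lines and empty, "()", for files that carry no publisher information.
OTL_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Per-user data roots (XP and later); hypothetical list, extend as needed.
USER_DATA_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")


@dataclass
class OtlEntry:
    stamp: str
    size: int
    attrs: str
    kind: str
    company: Optional[str]  # None when OTL printed "()" or no name at all
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file/folder line; return None for headers and other text."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        stamp=m.group("stamp"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company") or None,
        path=m.group("path"),
    )


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for file entries that deserve a closer look.

    Two simple rules: hidden+system files, and files with no publisher
    information sitting under a user's profile. Folders are skipped.
    """
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_directory:
            continue
        reasons = []
        if e.hidden and e.system:
            reasons.append("hidden+system file")
        if e.company is None and e.path.lower().startswith(USER_DATA_ROOTS):
            reasons.append("no publisher info under a user data directory")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Sample input: one header line, four lines copied from the logs in this
# thread, and one constructed benign entry (marked) for contrast.
SAMPLE_LINES = [
    "========== LOP Check ==========",
    r"[2011/12/24 23:43:17 | 000,011,860 | -HS- | M] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\4c80yc2q23e655",
    r"[2012/01/02 20:52:58 | 000,000,180 | -HS- | M] () -- C:\WINDOWS\2907871drv.spi",
    r"[2011/08/28 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ambience",
    r"[2010/01/20 11:14:44 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\searchplugins\conduit.xml",
    # constructed benign entry, not taken from the log
    r"[2008/04/14 04:42:00 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\xrxwiadr.dll",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(f"{path}\n    {', '.join(reasons)}")
```

Run it against a saved OTL.txt by reading the file into a list of lines and passing that to triage(); the output is a shortlist to review by hand, not a verdict, since the -HS- flags and a missing publisher name are only hints.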

#4
smtzl (Topic Starter)

I was out of town for work all week so I did not get a chance to reply until now.

I still can't connect to the internet using this laptop.

Below is the OTL log.

ComboFix Log: I ran it without the Windows Recovery Console, my mistake.

ComboFix Log 2: I installed the Windows Recovery Console and ran ComboFix again.


All processes killed
Error: Unable to interpret <:OTLIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...tid=CT1142338IE - HKCU\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)FF - prefs.js..browser.search.defaultthis.engineName: "Softonic English Customized Web Search"FF - prefs.js..browser.search.defaulturl: "http://search.condui...searchTerms}"FF - prefs.js..browser.startup.homepage: "http://search.condui...rchSource=13"FF - prefs.js..extensions.enabledItems: {930f1200-f5f1-4870-bac6-e233ec8e7023}:2.5.6.0FF - prefs.js..keyword.URL: "http://search.condui...d=CT1142338&q="[2010/05/17 09:42:05 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}[2010/01/20 11:14:44 | 000,000,935 | ---- | M] () -- C:\D> in the current context!
Error: Unable to interpret <ocuments and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\searchplugins\conduit.xmlO2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\prxtbSof0.dll (Conduit Ltd.)[2012/01/03 05:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Application Data\PriceGong[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ][2011/12/22 01:03:59 | 000,0> in the current context!
Error: Unable to interpret <00,000 | ---D | C] -- C:\Program Files\PricePeep[2012/01/02 20:52:58 | 000,000,180 | -HS- | M] () -- C:\WINDOWS\2907871drv.spi[2011/12/24 23:43:17 | 000,011,860 | -HS- | M] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\4c80yc2q23e655[2011/12/24 23:43:17 | 000,011,860 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4c80yc2q23e655:Services:Reg:Filesipconfig /flushdns /cC:\Program Files\Softonic_EnglishC:\Program Files\ConduitEngine:Commands[purity][resethosts][emptytemp][emptyflash][createrestorepoint][reboot]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 01212012_172357

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ComboFix 12-01-21.01 - Kristina 01/21/2012 10:43:26.4.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.662 [GMT 1:00]
Running from: e:\6\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kristina\Application Data\PriceGong
c:\documents and settings\Kristina\Application Data\PriceGong\Data\mru.xml
c:\windows\COM+.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 16:23 . 2012-01-21 16:23 -------- d-----w- C:\_OTL
2012-01-14 05:26 . 2012-01-14 05:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-09 04:50 . 2012-01-09 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-01-09 04:50 . 2012-01-09 04:50 -------- d-----w- c:\program files\Security Task Manager
2012-01-07 04:01 . 2012-01-07 04:01 -------- d-----w- C:\temp
2012-01-07 03:37 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 01:26 . 2004-06-11 14:33 290304 ----a-w- C:\subinacl.exe
2012-01-05 05:30 . 2012-01-07 05:21 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-01-05 04:26 . 2012-01-07 01:48 -------- d-----w- c:\program files\Support Tools
2012-01-05 02:27 . 2008-04-14 04:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-05 02:27 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-05 02:27 . 2008-04-14 04:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-01-05 02:27 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-01-05 02:27 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-01-05 02:27 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-01-05 02:27 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-01-05 02:27 . 2008-04-13 21:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-01-05 02:26 . 2008-04-13 21:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-01-05 02:26 . 2008-04-14 04:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-01-05 02:26 . 2008-04-13 23:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-01-05 02:26 . 2008-04-13 21:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-01-05 02:25 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-01-05 02:25 . 2001-08-17 12:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-01-05 02:25 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-01-05 02:25 . 2001-08-17 21:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-01-05 02:23 . 2001-08-17 11:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2012-01-05 02:23 . 2001-08-17 11:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2012-01-05 02:23 . 2001-08-17 12:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2012-01-05 02:23 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2012-01-05 02:23 . 2008-04-14 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2012-01-05 02:23 . 2008-04-14 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2012-01-05 02:23 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-01-05 02:23 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2012-01-05 02:22 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2012-01-05 02:22 . 2008-04-13 23:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2012-01-05 02:22 . 2008-04-13 23:06 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2012-01-05 02:22 . 2008-04-14 04:42 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2012-01-05 02:22 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-01-05 02:22 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2012-01-05 02:22 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-01-05 02:22 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2012-01-05 02:21 . 2001-08-17 12:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2012-01-05 02:21 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2012-01-05 02:21 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2012-01-05 02:21 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2012-01-05 02:21 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2012-01-05 02:21 . 2008-04-13 23:15 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2012-01-05 02:21 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-01-05 02:21 . 2008-04-13 23:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2012-01-05 02:21 . 2008-04-13 21:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2012-01-05 02:20 . 2008-04-14 12:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2012-01-05 02:20 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2012-01-05 02:20 . 2001-08-17 21:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2012-01-05 02:20 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2012-01-05 02:20 . 2001-08-17 21:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2012-01-05 02:20 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2012-01-05 02:20 . 2001-08-17 12:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2012-01-05 02:19 . 2001-08-17 21:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2012-01-05 02:19 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2012-01-05 02:19 . 2001-08-17 21:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2012-01-05 02:19 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2012-01-05 02:19 . 2001-08-17 12:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2012-01-05 02:19 . 2008-04-13 23:06 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2012-01-05 02:19 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-01-05 02:18 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2012-01-05 02:18 . 2001-08-17 21:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2012-01-05 02:18 . 2001-08-17 11:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2012-01-05 02:18 . 2001-08-17 13:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2012-01-05 02:18 . 2001-08-17 11:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-01-05 02:18 . 2001-08-17 13:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2012-01-05 02:17 . 2001-08-17 11:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2012-01-05 02:17 . 2001-08-17 21:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2012-01-05 02:17 . 2008-04-14 04:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2012-01-05 02:17 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2012-01-05 02:17 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2012-01-05 02:17 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2012-01-05 02:17 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2012-01-05 02:17 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2012-01-05 02:17 . 2008-04-14 12:00 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2012-01-05 02:16 . 2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2012-01-05 02:16 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2012-01-05 02:16 . 2008-04-14 12:00 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2012-01-05 02:16 . 2001-08-17 11:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2012-01-05 02:16 . 2001-08-17 13:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2012-01-05 02:16 . 2008-04-13 23:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2012-01-05 02:16 . 2001-08-17 11:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-01-05 02:16 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2012-01-05 02:15 . 2001-08-17 12:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2012-01-05 02:15 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-01-05 02:15 . 2001-08-17 11:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-01-05 02:15 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2012-01-05 02:15 . 2001-08-17 13:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2012-01-05 02:15 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2012-01-05 02:14 . 2001-08-17 13:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2012-01-05 02:14 . 2001-08-17 13:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2012-01-05 02:14 . 2001-08-17 21:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-01-05 02:14 . 2001-08-17 12:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2012-01-05 02:14 . 2001-08-17 13:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2012-01-05 02:14 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2012-01-05 02:14 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-01-05 02:14 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-01-05 02:13 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2012-01-05 02:13 . 2001-08-17 21:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-01-05 02:13 . 2001-08-17 21:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-01-05 02:13 . 2001-08-17 11:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2012-01-05 02:13 . 2001-08-17 12:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2012-01-05 02:13 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-01-05 02:12 . 2001-08-17 21:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-01-05 02:12 . 2001-08-17 21:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-01-05 02:12 . 2001-08-17 12:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-01-05 02:12 . 2001-08-17 21:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-01-05 02:12 . 2001-08-17 13:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-01-05 02:12 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-01-05 02:12 . 2001-08-17 11:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-01-05 02:11 . 2001-08-17 21:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-01-05 02:11 . 2001-08-17 11:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-01-05 02:11 . 2001-08-17 12:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-01-05 02:11 . 2008-04-13 23:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-01-05 02:11 . 2008-04-14 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2012-01-05 02:11 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-01-05 02:11 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-01-05 02:10 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2012-01-05 02:10 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2012-01-05 02:10 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-01-05 02:10 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 00:10 . 2011-12-22 00:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-22 00:10 . 2011-12-22 00:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 13:25 . 2009-03-16 22:09 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 20:35 . 2009-03-16 22:09 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2009-03-16 22:09 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2009-03-16 22:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 16:07 . 2009-03-16 22:09 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2009-03-16 22:09 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2009-03-16 22:09 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2009-03-16 22:09 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_English\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-08 94208]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-22 296056]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-5 113664]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-3-17 376832]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:50 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [1/3/2012 6:28 AM 820568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/7/2012 4:37 AM 20464]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [1/3/2012 6:28 AM 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [1/3/2012 6:28 AM 16208]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2011 1:07 AM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/7/2012 4:37 AM 652872]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/17/2009 4:01 AM 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2011 1:07 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/14/2012 6:26 AM 40776]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [1/3/2012 6:28 AM 239472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 12:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 00:07]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 00:07]
.
2012-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3709148111-546900630-982799846-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3709148111-546900630-982799846-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1142338
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1142338&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - %profile%\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 10:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-21 11:00:49
ComboFix-quarantined-files.txt 2012-01-21 10:00
.
Pre-Run: 61,417,451,520 bytes free
Post-Run: 61,406,523,392 bytes free
.
- - End Of File - - 383D463C5972DA7A3555215FD6AB728F


ComboFix 12-01-21.01 - Kristina 01/21/2012 12:09:40.5.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.695 [GMT 1:00]
Running from: e:\6\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kristina\Application Data\PriceGong
c:\documents and settings\Kristina\Application Data\PriceGong\Data\mru.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 16:23 . 2012-01-21 16:23 -------- d-----w- C:\_OTL
2012-01-14 05:26 . 2012-01-21 10:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-09 04:50 . 2012-01-09 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-01-09 04:50 . 2012-01-09 04:50 -------- d-----w- c:\program files\Security Task Manager
2012-01-07 04:01 . 2012-01-07 04:01 -------- d-----w- C:\temp
2012-01-07 03:37 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 01:26 . 2004-06-11 14:33 290304 ----a-w- C:\subinacl.exe
2012-01-05 05:30 . 2012-01-07 05:21 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-01-05 04:26 . 2012-01-07 01:48 -------- d-----w- c:\program files\Support Tools
2012-01-05 02:27 . 2008-04-14 04:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-05 02:27 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-05 02:27 . 2008-04-14 04:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-01-05 02:27 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-01-05 02:27 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-01-05 02:27 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-01-05 02:27 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-01-05 02:27 . 2008-04-13 21:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-01-05 02:26 . 2008-04-13 21:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-01-05 02:26 . 2008-04-14 04:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-01-05 02:26 . 2008-04-13 23:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-01-05 02:26 . 2008-04-13 21:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-01-05 02:25 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-01-05 02:25 . 2001-08-17 12:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-01-05 02:25 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-01-05 02:25 . 2001-08-17 21:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-01-05 02:23 . 2001-08-17 11:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2012-01-05 02:23 . 2001-08-17 11:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2012-01-05 02:23 . 2001-08-17 12:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2012-01-05 02:23 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2012-01-05 02:23 . 2008-04-14 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2012-01-05 02:23 . 2008-04-14 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2012-01-05 02:23 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-01-05 02:23 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2012-01-05 02:22 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2012-01-05 02:22 . 2008-04-13 23:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2012-01-05 02:22 . 2008-04-13 23:06 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2012-01-05 02:22 . 2008-04-14 04:42 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2012-01-05 02:22 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-01-05 02:22 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2012-01-05 02:22 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-01-05 02:22 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2012-01-05 02:21 . 2001-08-17 12:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2012-01-05 02:21 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2012-01-05 02:21 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2012-01-05 02:21 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2012-01-05 02:21 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2012-01-05 02:21 . 2008-04-13 23:15 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2012-01-05 02:21 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-01-05 02:21 . 2008-04-13 23:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2012-01-05 02:21 . 2008-04-13 21:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2012-01-05 02:20 . 2008-04-14 12:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2012-01-05 02:20 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2012-01-05 02:20 . 2001-08-17 21:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2012-01-05 02:20 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2012-01-05 02:20 . 2001-08-17 21:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2012-01-05 02:20 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2012-01-05 02:20 . 2001-08-17 12:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2012-01-05 02:19 . 2001-08-17 21:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2012-01-05 02:19 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2012-01-05 02:19 . 2001-08-17 21:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2012-01-05 02:19 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2012-01-05 02:19 . 2001-08-17 12:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2012-01-05 02:19 . 2008-04-13 23:06 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2012-01-05 02:19 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-01-05 02:18 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2012-01-05 02:18 . 2001-08-17 21:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2012-01-05 02:18 . 2001-08-17 11:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2012-01-05 02:18 . 2001-08-17 13:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2012-01-05 02:18 . 2001-08-17 11:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-01-05 02:18 . 2001-08-17 13:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2012-01-05 02:17 . 2001-08-17 11:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2012-01-05 02:17 . 2001-08-17 21:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2012-01-05 02:17 . 2008-04-14 04:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2012-01-05 02:17 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2012-01-05 02:17 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2012-01-05 02:17 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2012-01-05 02:17 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2012-01-05 02:17 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2012-01-05 02:17 . 2008-04-14 12:00 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2012-01-05 02:16 . 2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2012-01-05 02:16 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2012-01-05 02:16 . 2008-04-14 12:00 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2012-01-05 02:16 . 2001-08-17 11:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2012-01-05 02:16 . 2001-08-17 13:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2012-01-05 02:16 . 2008-04-13 23:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2012-01-05 02:16 . 2001-08-17 11:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-01-05 02:16 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2012-01-05 02:15 . 2001-08-17 12:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2012-01-05 02:15 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-01-05 02:15 . 2001-08-17 11:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-01-05 02:15 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2012-01-05 02:15 . 2001-08-17 13:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2012-01-05 02:15 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2012-01-05 02:14 . 2001-08-17 13:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2012-01-05 02:14 . 2001-08-17 13:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2012-01-05 02:14 . 2001-08-17 21:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-01-05 02:14 . 2001-08-17 12:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2012-01-05 02:14 . 2001-08-17 13:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2012-01-05 02:14 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2012-01-05 02:14 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-01-05 02:14 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-01-05 02:13 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2012-01-05 02:13 . 2001-08-17 21:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-01-05 02:13 . 2001-08-17 21:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-01-05 02:13 . 2001-08-17 11:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2012-01-05 02:13 . 2001-08-17 12:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2012-01-05 02:13 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-01-05 02:12 . 2001-08-17 21:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-01-05 02:12 . 2001-08-17 21:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-01-05 02:12 . 2001-08-17 12:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-01-05 02:12 . 2001-08-17 21:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-01-05 02:12 . 2001-08-17 13:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-01-05 02:12 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-01-05 02:12 . 2001-08-17 11:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-01-05 02:11 . 2001-08-17 21:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-01-05 02:11 . 2001-08-17 11:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-01-05 02:11 . 2001-08-17 12:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-01-05 02:11 . 2008-04-13 23:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-01-05 02:11 . 2008-04-14 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2012-01-05 02:11 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-01-05 02:11 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-01-05 02:10 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2012-01-05 02:10 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2012-01-05 02:10 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-01-05 02:10 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 00:10 . 2011-12-22 00:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-22 00:10 . 2011-12-22 00:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 13:25 . 2009-03-16 22:09 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 20:35 . 2009-03-16 22:09 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2009-03-16 22:09 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2009-03-16 22:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 16:07 . 2009-03-16 22:09 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2009-03-16 22:09 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2009-03-16 22:09 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2009-03-16 22:09 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_09.57.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-16 22:09 . 2012-01-21 11:11 73208 c:\windows\system32\perfc009.dat
- 2009-03-16 22:09 . 2012-01-21 09:37 73208 c:\windows\system32\perfc009.dat
+ 2009-03-16 22:09 . 2012-01-21 11:11 445482 c:\windows\system32\perfh009.dat
- 2009-03-16 22:09 . 2012-01-21 09:37 445482 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_English\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-08 94208]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-22 296056]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-5 113664]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-3-17 376832]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:50 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [1/3/2012 6:28 AM 820568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/7/2012 4:37 AM 20464]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [1/3/2012 6:28 AM 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [1/3/2012 6:28 AM 16208]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2011 1:07 AM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/7/2012 4:37 AM 652872]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/17/2009 4:01 AM 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2011 1:07 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/14/2012 6:26 AM 40776]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [1/3/2012 6:28 AM 239472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 12:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 00:07]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 00:07]
.
2012-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3709148111-546900630-982799846-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3709148111-546900630-982799846-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1142338
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1142338&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - %profile%\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 12:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-21 12:19:30
ComboFix-quarantined-files.txt 2012-01-21 11:19
ComboFix2.txt 2012-01-21 10:00
.
Pre-Run: 61,393,530,880 bytes free
Post-Run: 61,381,373,952 bytes free
.
- - End Of File - - 43635814746D3BD542E4F4E06AC9264E
  • 0

#5
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
C:\Documents and Settings\Kristina\Local Settings\Application Data\4c80yc2q23e655
C:\Documents and Settings\All Users\Application Data\4c80yc2q23e655
C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\searchplugins\conduit.xml
C:\WINDOWS\2907871drv.spi

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"=-
[-HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"=-

Folder::
C:\Program Files\Softonic_English
C:\Program Files\ConduitEngine
C:\Program Files\PricePeep

DDS::
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1142338

FireFox::
FF - ProfilePath - c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1142338&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=
FF - Ext: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - %profile%\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
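The CFScript above removes the same toolbar CLSID from four different load points (URLSearchHooks, HKCR\clsid, a Browser Helper Object key and the IE Toolbar list), which is why browser hijackers of this kind survive a single uninstall. The following is an added example, not ComboFix's own code or part of Gammo's instructions: a small Python parser that reads the "Reg Loading Points" section of a ComboFix log, groups every CLSID-keyed load point with the DLL it loads, and emits the Registry:: block in the REGEDIT4 deletion syntax CFScript uses (`"value"=-` removes a value, `[-KEY]` removes a key). The sample log text is constructed from the entries posted earlier in this thread; the function names are this example's own.

```python
"""Group browser load points from a ComboFix 'Reg Loading Points' section by
CLSID and build the Registry:: block of a CFScript that removes one CLSID.

Added example for this thread; not ComboFix code. SAMPLE_LOG is constructed
from the log lines quoted above (plus one benign Run entry as a control).
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_English\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"""

CLSID_RE = re.compile(
    r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")                 # REGEDIT4 key header
VALUE_RE = re.compile(r'^"(\{[^"]+\})"=\s*"([^"]+)"')  # "{clsid}"="module"
PATH_RE = re.compile(r"(?i)\b[a-z]:\\.*$")         # module path in a file-info line


def parse_load_points(text):
    """Return (registry_key, clsid_as_written, module_path_or_None) tuples for
    every load point identified by a CLSID. Entries whose key itself is named
    by the CLSID (BHO, HKCR\\clsid) take their module from the file-info line
    ComboFix prints under the header."""
    entries = []
    pending = None  # index of a key-named entry still waiting for its module line
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            pending = None
            g = CLSID_RE.search(current_key)
            if g:
                entries.append([current_key, g.group(0), None])
                pending = len(entries) - 1
            continue
        if current_key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            # Value-named load point (URLSearchHooks, Toolbar): CLSID is the value name.
            entries.append([current_key, m.group(1), m.group(2)])
            continue
        if pending is not None:
            m = PATH_RE.search(line)
            if m:
                entries[pending][2] = m.group(0)
                pending = None
    return [tuple(e) for e in entries]


def modules_by_clsid(entries):
    """Map each CLSID (lower-cased) to the set of DLL paths registered for it."""
    out = defaultdict(set)
    for _key, clsid, module in entries:
        if module:
            out[clsid.lower()].add(module)
    return dict(out)


def cfscript_registry_section(entries, clsid):
    """Build the Registry:: block removing every load point of one CLSID.
    A value-named load point becomes '[KEY]' + '"{clsid}"=-'; a key named by
    the CLSID becomes '[-KEY]'. Duplicate lines are emitted once."""
    want = clsid.lower()
    lines = ["Registry::"]
    seen = set()
    for key, c, _module in entries:
        if c.lower() != want:
            continue
        block = f"[-{key}]" if CLSID_RE.search(key) else f'[{key}]\n"{c}"=-'
        if block not in seen:
            seen.add(block)
            lines.append(block)
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_load_points(SAMPLE_LOG)
    for clsid, mods in modules_by_clsid(found).items():
        print(clsid, "->", ", ".join(sorted(mods)))
    print(cfscript_registry_section(found, "{930f1200-f5f1-4870-bac6-e233ec8e7023}"))
```

Run on the sample, the Softonic CLSID shows up at three load points all pointing at the same prxtbSof0.dll, and the generated Registry:: block matches the corresponding lines of the CFScript above; the File:: and Folder:: sections still have to be written by hand from the module paths the parser reports.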

#6
smtzl

smtzl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
ComboFix 12-01-21.01 - Administrator 23.01.2012 22:18:25.6.1 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.804 [GMT 1:00]
Running from: e:\6\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\documents and settings\All Users\Application Data\4c80yc2q23e655"
"c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\searchplugins\conduit.xml"
"c:\documents and settings\Kristina\Local Settings\Application Data\4c80yc2q23e655"
"c:\windows\2907871drv.spi"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitAutoCompleteSearch.js
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitToolbar.idl
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitToolbar.js
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitToolbar.xpt
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.xpt
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.dll
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.xpt
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\defaults\default_radio_skin.xml
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\defaults\fbAlert.js
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\chrome.manifest
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\chrome\softonic_english.jar
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\install.rdf
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\lib\xpcom.js
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\META-INF\manifest.mf
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\META-INF\zigbert.rsa
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\META-INF\zigbert.sf
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.gif
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.ico
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.PNG
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.src
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.xml
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\setup.ini
c:\documents and settings\Kristina\Application Data\Mozilla\Firefox\Profiles\h0v22jt8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\version.txt
c:\documents and settings\Kristina\Application Data\PriceGong
c:\documents and settings\Kristina\Application Data\PriceGong\Data\mru.xml
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\PricePeep
c:\program files\PricePeep\installer.ico
c:\program files\PricePeep\Thumbs.db
c:\program files\PricePeep\uninstall.exe
c:\program files\Softonic_English
c:\program files\Softonic_English\INSTALL.LOG
c:\program files\Softonic_English\prxtbSof0.dll
c:\program files\Softonic_English\Softonic_EnglishToolbarHelper.exe
c:\program files\Softonic_English\Softonic_EnglishToolbarHelper1.exe
c:\program files\Softonic_English\tbSof0.dll
c:\program files\Softonic_English\tbSof1.dll
c:\program files\Softonic_English\tbSoft.dll
c:\program files\Softonic_English\toolbar.cfg
c:\program files\Softonic_English\uninstall.exe
c:\program files\Softonic_English\UNWISE.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-21 16:23 . 2012-01-21 16:23 -------- d-----w- C:\_OTL
2012-01-14 05:26 . 2012-01-21 11:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-09 04:50 . 2012-01-09 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-01-09 04:50 . 2012-01-09 04:50 -------- d-----w- c:\program files\Security Task Manager
2012-01-07 04:01 . 2012-01-07 04:01 -------- d-----w- C:\temp
2012-01-06 01:26 . 2004-06-11 14:33 290304 ----a-w- C:\subinacl.exe
2012-01-05 05:30 . 2012-01-07 05:21 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-01-05 04:26 . 2012-01-07 01:48 -------- d-----w- c:\program files\Support Tools
2012-01-05 02:27 . 2008-04-14 04:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-05 02:27 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-05 02:27 . 2008-04-14 04:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-01-05 02:27 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-01-05 02:27 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-01-05 02:27 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-01-05 02:27 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-01-05 02:27 . 2008-04-13 21:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-01-05 02:26 . 2008-04-13 21:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-01-05 02:26 . 2008-04-14 04:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-01-05 02:26 . 2008-04-13 23:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-01-05 02:26 . 2008-04-13 21:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-01-05 02:25 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-01-05 02:25 . 2001-08-17 12:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-01-05 02:25 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-01-05 02:25 . 2001-08-17 21:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-01-05 02:23 . 2001-08-17 11:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2012-01-05 02:23 . 2001-08-17 11:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2012-01-05 02:23 . 2001-08-17 12:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2012-01-05 02:23 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2012-01-05 02:23 . 2008-04-14 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2012-01-05 02:23 . 2008-04-14 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2012-01-05 02:23 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-01-05 02:23 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2012-01-05 02:22 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2012-01-05 02:22 . 2008-04-13 23:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2012-01-05 02:22 . 2008-04-13 23:06 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2012-01-05 02:22 . 2008-04-14 04:42 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2012-01-05 02:22 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-01-05 02:22 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2012-01-05 02:22 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-01-05 02:22 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2012-01-05 02:21 . 2001-08-17 12:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2012-01-05 02:21 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2012-01-05 02:21 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2012-01-05 02:21 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2012-01-05 02:21 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2012-01-05 02:21 . 2008-04-13 23:15 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2012-01-05 02:21 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-01-05 02:21 . 2008-04-13 23:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2012-01-05 02:21 . 2008-04-13 21:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2012-01-05 02:20 . 2008-04-14 12:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2012-01-05 02:20 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2012-01-05 02:20 . 2001-08-17 21:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2012-01-05 02:20 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2012-01-05 02:20 . 2001-08-17 21:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2012-01-05 02:20 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2012-01-05 02:20 . 2001-08-17 12:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2012-01-05 02:19 . 2001-08-17 21:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2012-01-05 02:19 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2012-01-05 02:19 . 2001-08-17 21:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2012-01-05 02:19 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2012-01-05 02:19 . 2001-08-17 12:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2012-01-05 02:19 . 2008-04-13 23:06 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2012-01-05 02:19 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-01-05 02:18 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2012-01-05 02:18 . 2001-08-17 21:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2012-01-05 02:18 . 2001-08-17 11:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2012-01-05 02:18 . 2001-08-17 13:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2012-01-05 02:18 . 2001-08-17 11:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-01-05 02:18 . 2001-08-17 13:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2012-01-05 02:17 . 2001-08-17 11:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2012-01-05 02:17 . 2001-08-17 21:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2012-01-05 02:17 . 2008-04-14 04:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2012-01-05 02:17 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2012-01-05 02:17 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2012-01-05 02:17 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2012-01-05 02:17 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2012-01-05 02:17 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2012-01-05 02:17 . 2008-04-14 12:00 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2012-01-05 02:16 . 2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2012-01-05 02:16 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2012-01-05 02:16 . 2008-04-14 12:00 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2012-01-05 02:16 . 2001-08-17 11:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2012-01-05 02:16 . 2001-08-17 13:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2012-01-05 02:16 . 2008-04-13 23:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2012-01-05 02:16 . 2001-08-17 11:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-01-05 02:16 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2012-01-05 02:15 . 2001-08-17 12:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2012-01-05 02:15 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-01-05 02:15 . 2001-08-17 11:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-01-05 02:15 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2012-01-05 02:15 . 2001-08-17 13:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2012-01-05 02:15 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2012-01-05 02:14 . 2001-08-17 13:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2012-01-05 02:14 . 2001-08-17 13:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2012-01-05 02:14 . 2001-08-17 21:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-01-05 02:14 . 2001-08-17 12:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2012-01-05 02:14 . 2001-08-17 13:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2012-01-05 02:14 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2012-01-05 02:14 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-01-05 02:14 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-01-05 02:13 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2012-01-05 02:13 . 2001-08-17 21:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-01-05 02:13 . 2001-08-17 21:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-01-05 02:13 . 2001-08-17 11:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2012-01-05 02:13 . 2001-08-17 12:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2012-01-05 02:13 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-01-05 02:12 . 2001-08-17 21:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-01-05 02:12 . 2001-08-17 21:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-01-05 02:12 . 2001-08-17 12:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-01-05 02:12 . 2001-08-17 21:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-01-05 02:12 . 2001-08-17 13:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-01-05 02:12 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-01-05 02:12 . 2001-08-17 11:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-01-05 02:11 . 2001-08-17 21:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-01-05 02:11 . 2001-08-17 11:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-01-05 02:11 . 2001-08-17 12:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-01-05 02:11 . 2008-04-13 23:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-01-05 02:11 . 2008-04-14 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2012-01-05 02:11 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-01-05 02:11 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-01-05 02:10 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2012-01-05 02:10 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2012-01-05 02:10 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-01-05 02:10 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2012-01-05 02:10 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 00:10 . 2011-12-22 00:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-22 00:10 . 2011-12-22 00:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 13:25 . 2009-03-16 22:09 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 20:35 . 2009-03-16 22:09 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2009-03-16 22:09 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2009-03-16 22:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 16:07 . 2009-03-16 22:09 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2009-03-16 22:09 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2009-03-16 22:09 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_09.57.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-16 22:09 . 2012-01-23 21:18 72420 c:\windows\system32\perfc009.dat
+ 2009-03-16 22:09 . 2012-01-23 21:18 444544 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-08 94208]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-22 296056]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-5 113664]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-3-17 376832]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:50 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.12.2011 1:07 136176]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [3.1.2012 6:28 820568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.3.2009 4:01 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22.12.2011 1:07 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [14.1.2012 6:26 40776]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [3.1.2012 6:28 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [3.1.2012 6:28 16208]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [3.1.2012 6:28 239472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 12:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 00:07]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 00:07]
.
2012-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3709148111-546900630-982799846-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3709148111-546900630-982799846-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-PricePeep - c:\program files\PricePeep\uninstall.exe
AddRemove-Softonic_English Toolbar - c:\program files\Softonic_English\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 22:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-23 22:27:43
ComboFix-quarantined-files.txt 2012-01-23 21:27
ComboFix2.txt 2012-01-21 11:19
ComboFix3.txt 2012-01-21 10:00
.
Pre-Run: 62 260 203 520 bytes free
Post-Run: 62 231 236 608 bytes free
.
- - End Of File - - E84462EA2460B1FFF2D6597C23322BE3
  • 0

#7
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#8
smtzl

smtzl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Log Below.

I can't connect to the internet so mbam will not update. I have tried updating the database manually by downloading "mbam-rules.exe" but that just seems to wipe out the database and make mbam useless. Any ideas?


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Kristina :: KRISTY [administrator]

Protection: Enabled

1/24/2012 6:49:35 PM
mbam-log-2012-01-24 (18-49-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |

Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174746
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#9
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download and run WinSockFix

Does that fix your Internet connection?
  • 0

#10
smtzl

smtzl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
No, it did not fix it. I also ran it before and had no luck. I still think there is some malware blocking my connection.
  • 0



#11
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
1. Locate the file - C:\Windows\inf\Nettcpip.inf
  • It's important that you first make a copy of the file. Place the copy on your Desktop.
  • Once you have done that, use Notepad to open the original file for editing.

Posted Image

2. Locate the [MS_TCPIP.PrimaryInstall] section.

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.

Posted Image

4. Save the file, and then exit Notepad.

Posted Image

5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.

Posted Image Posted Image

6. On the General tab, click Install, select Protocol, and then click Add.

Posted Image

7. In the Select Network Protocols window, click Have Disk.

Posted Image

8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.

Posted Image

9. Select Internet Protocol (TCP/IP), and then click OK.

Posted Image

Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP

Posted Image

Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.

Redo sub-steps 4-11 to re-install TCP/IP.

Did that fix your Internet?
  • 0
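What step 3 above actually changes: the Characteristics value in [MS_TCPIP.PrimaryInstall] is a bitmask of NCF_* flags from netcfgx.h, and 0xa0 is NCF_HAS_UI (0x80) plus NCF_NOT_USER_REMOVABLE (0x20). Clearing the 0x20 bit is what makes the Uninstall button appear in step 9. The script below is an added example, not part of the post or of any Microsoft tooling; it edits a constructed nettcpip.inf excerpt (not a copy of the real file) in place, touching only that one line so the rest of the file survives byte for byte, and can put the original value back afterwards, which is the "Step #2" restore.

```python
import re

# NCF_* characteristics flags from netcfgx.h. 0xa0 = NCF_HAS_UI | NCF_NOT_USER_REMOVABLE,
# so clearing the 0x20 bit (-> 0x80) is what lets TCP/IP be uninstalled from the GUI.
NCF_HIDDEN = 0x08
NCF_NOT_USER_REMOVABLE = 0x20
NCF_HAS_UI = 0x80
FLAG_NAMES = {NCF_HIDDEN: "NCF_HIDDEN",
              NCF_NOT_USER_REMOVABLE: "NCF_NOT_USER_REMOVABLE",
              NCF_HAS_UI: "NCF_HAS_UI"}

# Constructed excerpt in the layout of nettcpip.inf; it is not a copy of the real file.
SAMPLE_INF = """\
[Version]
Signature = "$Windows NT$"

[MS_TCPIP.PrimaryInstall]
Characteristics = 0xa0
AddReg          = TcpIp.Reg
"""

_KEY_RE = re.compile(r"(?i)^(\s*characteristics\s*=\s*)(0x[0-9a-f]+)")


def get_characteristics(inf_text, section="MS_TCPIP.PrimaryInstall"):
    """Return the Characteristics value of [section] as an int, or None if absent."""
    in_section = False
    for line in inf_text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            in_section = s[1:-1].lower() == section.lower()
            continue
        if in_section:
            m = _KEY_RE.match(line)
            if m:
                return int(m.group(2), 16)
    return None


def set_characteristics(inf_text, value, section="MS_TCPIP.PrimaryInstall"):
    """Rewrite only the Characteristics line of [section]; every other byte is kept."""
    out, in_section, changed = [], False, False
    for line in inf_text.splitlines(keepends=True):
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            in_section = s[1:-1].lower() == section.lower()
        elif in_section and not changed:
            m = _KEY_RE.match(line)
            if m:
                line = line[:m.start(2)] + f"0x{value:02x}" + line[m.end(2):]
                changed = True
        out.append(line)
    if not changed:
        raise ValueError(f"no Characteristics key in [{section}]")
    return "".join(out)


def make_user_removable(inf_text):
    """Step 3 of the procedure: clear NCF_NOT_USER_REMOVABLE (0xa0 -> 0x80)."""
    current = get_characteristics(inf_text)
    if current is None:
        raise ValueError("section or Characteristics key not found")
    return set_characteristics(inf_text, current & ~NCF_NOT_USER_REMOVABLE)


def describe(value):
    """Names of the known flag bits set in value, for a readable before/after."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if value & bit]


if __name__ == "__main__":
    before = get_characteristics(SAMPLE_INF)
    after = get_characteristics(make_user_removable(SAMPLE_INF))
    print(f"before: 0x{before:02x} {describe(before)}")
    print(f"after:  0x{after:02x} {describe(after)}")
```

Keeping the edit to a single bit rather than overwriting the value wholesale means the script still does the right thing on a file where Characteristics already carries other flags, and restoring is just `set_characteristics(edited, original_value)`.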

#12
smtzl

smtzl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
It did not fix the problem.
  • 0

#13
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download CheckConns and save it to your desktop.
Double click the icon to run it

Post the results in your next reply
  • 0

#14
smtzl

smtzl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Strange. I can't ping google.com (can't find the host), but I get a reply from the google IP address no problem.


Farbar Service Scanner Version: 18-01-2012 01
Ran by Kristina (administrator) on 27-01-2012 at 19:12:27
Systém Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(8) Gpc(6) IPSec(14) NetBT(15) PSched(7) Tcpip(9)
0x0F0000000E0000000C00000004000000010000000200000003000000050000000600000007000000080000000A0000000B0000000D000000090000000F000000


**** End of log ****





==== ServiceGroupOrder =========

PNP_TDI
TDI
NetBIOSGroup

==========================
PNP_TDI = [0f], 0e, 0c, 04, 01, 02, 03, 05, 06, 07, 08, 0a, 0b, 0d, 09, 0f

SERVICE_NAME: fssfltr
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\fssfltr_tdi.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 8
DISPLAY_NAME : FssFltr
DEPENDENCIES : tcpip

SERVICE_NAME: Gpc
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\msgpc.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 6
DISPLAY_NAME : Generic Packet Classifier

SERVICE_NAME: IPSec
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 14
DISPLAY_NAME : IPSEC driver

SERVICE_NAME: NDProxy
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : NDIS Proxy

SERVICE_NAME: NetBT
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 15
DISPLAY_NAME : NetBios over Tcpip
DEPENDENCIES : Tcpip

SERVICE_NAME: PSched
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\psched.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 7
DISPLAY_NAME : QoS Packet Scheduler
DEPENDENCIES : Gpc

SERVICE_NAME: Tcpip
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 9
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES : IPSec

SERVICE_NAME: WS2IFSL
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\ws2ifsl.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Windows Socket 2.0 Non-IFS Service Provider Support Environment

==========================

SERVICE_NAME: AFD
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : AFD

SERVICE_NAME: Dhcp
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
PID : 1104
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip, Afd, NetBT

SERVICE_NAME: Dnscache
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
PID : 1192
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip

SERVICE_NAME: Dot3svc
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k dot3svc
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wired AutoConfig
DEPENDENCIES : Ndisuio, eaphost

SERVICE_NAME: LmHosts
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
PID : 1292
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT, Afd

SERVICE_NAME: WZCSVC
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
PID : 1104
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs, Ndisuio

==========================
NetBIOSGroup = [01], 01

SERVICE_NAME: NetBIOS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 1
DISPLAY_NAME : NetBIOS Interface
  • 0
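The service dump above is the useful part of this log for the problem in the first post: a service that will not start because a dependency is missing (the AFD / DHCP chain) shows up as a STOPPED entry whose DEPENDENCIES line names another STOPPED entry. The script below is an added example, not part of Farbar Service Scanner or CheckConns. It parses a constructed dump in the same KEY : value layout (with AFD deliberately shown STOPPED, unlike the real log above), finds the root cause to repair first, lists everything downstream of it, and compares each DEPENDENCIES line against the values the real log shows, since a tampered dependency list produces exactly this kind of silent start failure.

```python
import re

# Constructed sample in the layout of the Farbar service dump posted above.
# AFD is shown STOPPED to reproduce the failure mode from the first post
# (the real log shows it RUNNING); dependency lists are copied from that log.
SAMPLE_DUMP = r"""
SERVICE_NAME: Tcpip
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys
DEPENDENCIES : IPSec

SERVICE_NAME: NetBT
STATE : 4 RUNNING
START_TYPE : 1 SYSTEM_START
BINARY_PATH_NAME : system32\DRIVERS\netbt.sys
DEPENDENCIES : Tcpip

SERVICE_NAME: AFD
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 1 SYSTEM_START
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys

SERVICE_NAME: Dhcp
STATE : 1 STOPPED
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
DEPENDENCIES : Tcpip, Afd, NetBT

SERVICE_NAME: Dnscache
STATE : 4 RUNNING
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
DEPENDENCIES : Tcpip

SERVICE_NAME: LmHosts
STATE : 1 STOPPED
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
DEPENDENCIES : NetBT, Afd
"""

# Expected DependOnService values, taken from the FSS dump in the post above.
BASELINE_DEPS = {
    "dhcp": {"tcpip", "afd", "netbt"},
    "dnscache": {"tcpip"},
    "lmhosts": {"netbt", "afd"},
    "netbt": {"tcpip"},
    "tcpip": {"ipsec"},
}


def parse_services(dump):
    """Split the dump into blocks and read 'KEY : value' lines; keys are lower-cased."""
    services = {}
    for block in re.split(r"\n\s*\n", dump.strip()):
        fields = {}
        for line in block.splitlines():
            m = re.match(r"^([A-Z0-9_]+)\s*:\s*(.*)$", line.strip())
            if m:
                fields[m.group(1)] = m.group(2).strip()
        name = fields.get("SERVICE_NAME")
        if name:
            deps = fields.get("DEPENDENCIES", "")
            fields["deps"] = [d.strip() for d in deps.split(",") if d.strip()]
            services[name.lower()] = fields
    return services


def is_running(svc):
    return svc.get("STATE", "").upper().endswith("RUNNING")


def root_causes(services):
    """Stopped services that are not themselves waiting on a stopped dependency.
    These are the ones to repair first (the missing AFD in this thread)."""
    roots = []
    for svc in services.values():
        if is_running(svc):
            continue
        stopped_deps = [d for d in svc["deps"]
                        if d.lower() in services and not is_running(services[d.lower()])]
        if not stopped_deps:
            roots.append(svc["SERVICE_NAME"])
    return sorted(roots)


def impact(services, name):
    """Every service whose dependency chain passes through `name` (case-insensitive)."""
    target, hit, changed = name.lower(), set(), True
    while changed:
        changed = False
        for key, svc in services.items():
            if key in hit or key == target:
                continue
            if any(d.lower() == target or d.lower() in hit for d in svc["deps"]):
                hit.add(key)
                changed = True
    return {services[k]["SERVICE_NAME"] for k in hit}


def dependency_drift(services, baseline=BASELINE_DEPS):
    """Services whose DEPENDENCIES line differs from the known-good baseline."""
    drift = {}
    for key, expected in baseline.items():
        svc = services.get(key)
        if svc is None:
            drift[key] = "service missing"
            continue
        actual = {d.lower() for d in svc["deps"]}
        if actual != expected:
            drift[key] = f"expected {sorted(expected)}, got {sorted(actual)}"
    return drift


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_DUMP)
    for root in root_causes(svcs):
        print(f"repair first: {root}; blocked by it: {sorted(impact(svcs, root))}")
    print("dependency drift:", dependency_drift(svcs) or "none")
```

On the constructed dump this reports AFD as the one to repair and Dhcp and LmHosts as the services blocked by it; the baseline comparison comes back clean because the sample's dependency lines match the real log.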

#15
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
1. Reset the IP/DNS settings of your internet connection:
  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
  • Under General tab:
  • Select "Obtain an IP address automatically".
  • Select "Obtain DNS server address automatically".

  • Click OK twice to save the settings.

2. Flush the DNS cache:
  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:

    ipconfig /flushdns
  • Then hit enter.
  • Exit the command window.

Does that fix your Internet connection? If not, please perform the steps below as well:

1. Configure OpenDNS:
  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
  • Under General tab:
  • Select "Use the following DNS server addresses".
  • Set the "Preferred DNS server" to 208.67.222.222
  • Set the "Alternate DNS server" to 208.67.220.220
  • Click OK twice to save the settings.

2. Flush the DNS cache:
  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:

    ipconfig /flushdns
  • Then hit enter.
  • Exit the command window.

  • 0
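The symptom in post #14 (IP addresses answer, host names do not) is why the steps above start with the DNS settings: a resolver address that was planted on the adapter keeps failing after the rest of the cleanup is done. Once the settings have been reset or pointed at OpenDNS, `ipconfig /all` shows what the adapter actually uses. The script below is an added example, not part of the post or of any Windows tool: it parses a constructed `ipconfig /all` excerpt (the 203.0.113.53 address is a documentation-range placeholder standing in for an unexpected resolver, not a real indicator) and lists DNS servers that are neither on the adapter's own subnet nor one of the two OpenDNS addresses given above, so they can be reviewed against what the ISP or router should be handing out.

```python
import ipaddress
import re

# The two OpenDNS resolvers named in the post above.
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed "ipconfig /all" excerpt; not captured from the machine in this thread.
# 203.0.113.53 is a documentation-range placeholder for an unexpected resolver.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home.lan
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
"""

_FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: [values...]}}; multi-line fields such as
    'DNS Servers' collect their indented continuation lines."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" ") and raw.rstrip().endswith(":"):
            current = raw.strip().rstrip(":")       # e.g. "Ethernet adapter Local Area Connection"
            adapters[current] = {}
            last_key = None
            continue
        if current is None:
            continue
        m = _FIELD_RE.match(raw)
        if m:
            last_key = m.group(1).strip()
            adapters[current].setdefault(last_key, []).append(m.group(2).strip())
        elif last_key:
            adapters[current][last_key].append(raw.strip())   # continuation line
    return adapters


def dns_findings(adapters, known=KNOWN_RESOLVERS):
    """(adapter, server) pairs for DNS servers that are neither on the adapter's
    own subnet (normally the router) nor in the known-resolver list."""
    findings = []
    for name, fields in adapters.items():
        ip = fields.get("IP Address", [None])[0]
        mask = fields.get("Subnet Mask", [None])[0]
        if not ip or not mask:
            continue
        lan = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        for server in fields.get("DNS Servers", []):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                continue
            if addr in lan or server in known:
                continue
            findings.append((name, server))
    return findings


if __name__ == "__main__":
    for adapter, server in dns_findings(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{adapter}: review DNS server {server}")
```

On the constructed output this flags 203.0.113.53 and passes 192.168.1.1; after the OpenDNS step above has been applied, the same check comes back empty.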