
Major Lag... Malware?


#16 CarbonTiger (Member, Topic Starter, 20 posts)
There wasn't an extras.txt again; here's the other one though:

OTListIt logfile created on: 3/14/2009 3:34:16 PM - Run 7
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Justin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 130.23 Mb Available Physical Memory | 25.87% Memory free
1.94 Gb Paging File | 1.53 Gb Available in Paging File | 79.02% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 4.23 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZEN
Current User Name: Justin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Justin\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Auto | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gusvc [Disabled | Stopped]) -- File not found
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NBService [Auto | Running]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NICCONFIGSVC [Disabled | Stopped]) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NMIndexingService [Auto | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (PSI_SVC_2 [Auto | Running]) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindService [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (StarWindServiceAE [Disabled | Stopped]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CoachUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachUsb.sys (Accapella)
DRV - (CoachVc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachVc.sys (Accapella)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ENTECH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan)
DRV - (GenPort [Auto | Running]) -- C:\WINDOWS\System32\drivers\genport.sys (3Dfx Interactive, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (MapMem [Auto | Running]) -- C:\WINDOWS\System32\drivers\MAPMEM.SYS (3Dfx Interactive, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NaiAvFilter1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NTRemap [Auto | Running]) -- C:\WINDOWS\System32\drivers\NTREMAP.SYS (3Dfx Interactive, Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (samhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\samhid.sys ()
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfsync04 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USB_RNDIS_XP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - presf.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> %ProgramFiles%\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/03/11 09:56:36 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/10 10:59:21 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/05 01:25:47 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Extensions [2009/01/08 23:07:10 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/01/08 23:07:10 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions [2009/03/12 22:08:28 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009/01/08 22:48:17 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/01/28 14:40:46 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/01/29 14:20:56 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2009/02/01 05:05:54 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2009/01/08 22:48:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/01/18 16:08:14 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\q87xq2df.default\extensions [2006/06/29 09:47:52 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\q87xq2df.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2) [2006/06/29 09:47:34 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/12 22:08:33 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2) [2006/06/29 09:47:54 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/05 01:25:47 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}(2) [2007/03/22 14:03:51 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE} [2007/08/18 04:21:25 00,000,000 | ---D | M]

O1 HOSTS File: (770 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {24401945-F72F-3460-B74E-12FF3616160B} - Reg Error: Key error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7D3FDFDA-1716-38E5-3621-3A71C2799795} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: svchost.exe =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLastUserName = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Reg Error: Key error.)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (Reg Error: Key error.)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{F1EC2354-B61F-47F5-89B8-88C8D9B460A9}\\NameServer = 192.168.1.254,192.168.2.254
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\winosz32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\iexplore.exe: Debugger - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\*.tmp files]
[9 C:\WINDOWS\System32\*.tmp files]
[2009/03/14 08:19:37 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/14 08:15:15 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/12 12:33:45 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Justin\Desktop\OTListIt2.exe
[2009/03/12 12:21:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Malwarebytes
[2009/03/12 12:21:00 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/12 12:20:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/12 12:20:56 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/12 12:20:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/12 12:20:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/11 10:49:34 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/11 09:58:28 | 00,001,517 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/11 09:58:27 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/11 09:58:25 | 00,107,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/11 09:58:17 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/11 09:58:16 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/11 09:57:30 | 34,058,980 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/11 09:57:30 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/11 09:57:30 | 00,037,735 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/11 09:57:22 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/11 09:57:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/03/11 09:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/10 21:32:17 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.lnk
[2009/03/10 21:32:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/10 17:44:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/10 16:51:43 | 00,000,943 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Spybot - Search & Destroy.lnk
[2009/03/10 16:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/10 13:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Uniblue
[2009/03/10 12:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\ErrorRepairTool
[2009/03/10 11:32:18 | 01,753,088 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExGrid.dll
[2009/03/10 11:32:17 | 00,614,400 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExButton.dll
[2009/03/10 11:32:17 | 00,602,112 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExMenu.dll
[2009/03/10 11:32:17 | 00,516,096 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExTab.dll
[2009/03/10 11:32:17 | 00,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2009/03/10 11:32:17 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\System32\eSellerateEngine.dll
[2009/03/10 11:32:17 | 00,307,200 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExPMenu.dll
[2009/03/10 11:32:17 | 00,118,784 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\System32\eWebControl.dll
[2009/03/10 11:32:13 | 00,000,000 | ---D | C] -- C:\Program Files\AnswersThatWork
[2009/03/09 01:33:22 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\ePSXe.lnk
[2009/03/07 01:13:45 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2009/03/07 01:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2009/03/05 00:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Max Payne Savegames
[2009/03/03 09:56:51 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/02 01:13:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Justin\My Documents\My Videos
[2009/03/02 01:00:08 | 02,328,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2009/02/28 16:14:45 | 00,106,186 | ---- | C] () -- C:\Documents and Settings\Justin\My Documents\My Games.gmc
[2009/02/28 14:53:19 | 00,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Movie Collector.lnk
[2009/02/28 14:53:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Movie Collector
[2009/02/28 14:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\Collectorz.com
[2009/02/28 14:34:45 | 00,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Collector.lnk
[2009/02/28 14:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Game Collector
[2009/02/28 14:34:36 | 00,000,000 | ---D | C] -- C:\Program Files\Collectorz.com
[2009/02/28 13:35:23 | 00,003,120 | ---- | C] () -- C:\WINDOWS\System32\5d626963-17b5-4739-8e58-17690d08ca1e.dll
[2009/02/28 13:35:23 | 00,003,120 | ---- | C] () -- C:\WINDOWS\c579bc41-bc8c-4832-b2df-01393a4f020f.ocx
[2009/02/28 13:32:22 | 00,000,089 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\trialbvsdvdorg.lic
[2009/02/28 13:32:22 | 00,000,089 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\sectrialbvsdvdorg.lic
[2009/02/25 16:41:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Bitstream
[2009/02/25 14:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Corel User Files
[2009/02/25 14:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2009/02/25 14:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/02/25 14:31:45 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/02/22 15:43:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/02/20 22:33:24 | 00,000,914 | ---- | C] () -- C:\Documents and Settings\Justin\My Documents\My Sharing Folders.lnk
[2009/02/16 23:04:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/02/16 23:04:16 | 00,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2009/02/16 23:04:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/02/13 14:37:29 | 00,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[2009/02/13 14:27:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\GTA San Andreas User Files
[2009/02/12 21:16:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\WININIT.INI

========== Files - Modified Within 30 Days ==========

[3 C:\*.tmp files]
[9 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/14 15:45:53 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{238319EA-3ECB-4AB7-AC41-6A125D5B7365}.job
[2009/03/14 12:47:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/14 10:00:25 | 34,058,980 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/14 08:29:07 | 00,000,787 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\AtomicAlarmClock.ini
[2009/03/14 08:28:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/14 08:25:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/14 08:25:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/13 08:28:46 | 00,037,735 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/13 01:13:52 | 00,060,416 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 20:51:26 | 00,004,184 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/03/12 20:46:00 | 00,001,517 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Notepad.lnk
[2009/03/12 12:33:48 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justin\Desktop\OTListIt2.exe
[2009/03/12 12:21:00 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/11 09:58:28 | 00,001,517 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/11 09:58:27 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/11 09:58:26 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/11 09:58:18 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/11 09:58:16 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/11 09:57:30 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/11 09:57:30 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/11 09:26:25 | 00,106,186 | ---- | M] () -- C:\Documents and Settings\Justin\My Documents\My Games.gmc
[2009/03/11 00:48:01 | 00,000,555 | -HS- | M] () -- C:\boot.ini
[2009/03/10 21:32:17 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.lnk
[2009/03/10 17:05:29 | 00,000,943 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Spybot - Search & Destroy.lnk
[2009/03/09 01:33:22 | 00,000,560 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\ePSXe.lnk
[2009/03/08 18:58:56 | 00,411,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 18:58:56 | 00,068,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 18:58:56 | 00,003,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 18:50:27 | 04,783,326 | -H-- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\IconCache.db
[2009/03/08 04:15:37 | 00,000,392 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/03/06 12:21:09 | 00,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/05 03:24:11 | 00,001,518 | ---- | M] () -- C:\ff8input.cfg
[2009/03/02 02:37:39 | 00,000,061 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/03/02 01:00:08 | 02,328,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2009/02/28 14:53:19 | 00,000,930 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Movie Collector.lnk
[2009/02/28 14:34:45 | 00,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Collector.lnk
[2009/02/28 13:35:23 | 00,003,120 | ---- | M] () -- C:\WINDOWS\System32\5d626963-17b5-4739-8e58-17690d08ca1e.dll
[2009/02/28 13:35:23 | 00,003,120 | ---- | M] () -- C:\WINDOWS\c579bc41-bc8c-4832-b2df-01393a4f020f.ocx
[2009/02/28 13:32:22 | 00,000,089 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\trialbvsdvdorg.lic
[2009/02/28 13:32:22 | 00,000,089 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\sectrialbvsdvdorg.lic
[2009/02/25 16:44:17 | 00,051,448 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/25 11:53:27 | 00,000,914 | ---- | M] () -- C:\Documents and Settings\Justin\My Documents\My Sharing Folders.lnk
[2009/02/25 05:37:16 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/02/20 17:15:23 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Windows Media Player.lnk
[2009/02/18 23:17:47 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Justin\My Documents\desktop.ini
[2009/02/13 14:37:29 | 00,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[2009/02/13 12:22:38 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\alarms.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 366 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
< End of report >
#17
CarbonTiger

    Member

  • Topic Starter
  • Member
  • 20 posts
There was no extra.txt again; here is the other one though:

OTListIt logfile created on: 3/14/2009 3:34:16 PM - Run 7
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Justin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 130.23 Mb Available Physical Memory | 25.87% Memory free
1.94 Gb Paging File | 1.53 Gb Available in Paging File | 79.02% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 4.23 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZEN
Current User Name: Justin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Justin\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Auto | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gusvc [Disabled | Stopped]) -- File not found
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NBService [Auto | Running]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NICCONFIGSVC [Disabled | Stopped]) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NMIndexingService [Auto | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (PSI_SVC_2 [Auto | Running]) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindService [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (StarWindServiceAE [Disabled | Stopped]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CoachUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachUsb.sys (Accapella)
DRV - (CoachVc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachVc.sys (Accapella)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ENTECH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan)
DRV - (GenPort [Auto | Running]) -- C:\WINDOWS\System32\drivers\genport.sys (3Dfx Interactive, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (MapMem [Auto | Running]) -- C:\WINDOWS\System32\drivers\MAPMEM.SYS (3Dfx Interactive, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NaiAvFilter1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NTRemap [Auto | Running]) -- C:\WINDOWS\System32\drivers\NTREMAP.SYS (3Dfx Interactive, Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (samhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\samhid.sys ()
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfsync04 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USB_RNDIS_XP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - presf.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> %ProgramFiles%\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/03/11 09:56:36 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/10 10:59:21 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/05 01:25:47 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Extensions [2009/01/08 23:07:10 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/01/08 23:07:10 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions [2009/03/12 22:08:28 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009/01/08 22:48:17 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/01/28 14:40:46 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/01/29 14:20:56 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2009/02/01 05:05:54 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2009/01/08 22:48:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\dnarzlwh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/01/18 16:08:14 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\q87xq2df.default\extensions [2006/06/29 09:47:52 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Justin\Application Data\mozilla\Firefox\Profiles\q87xq2df.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2) [2006/06/29 09:47:34 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/12 22:08:33 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2) [2006/06/29 09:47:54 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/05 01:25:47 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}(2) [2007/03/22 14:03:51 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE} [2007/08/18 04:21:25 00,000,000 | ---D | M]

O1 HOSTS File: (770 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {24401945-F72F-3460-B74E-12FF3616160B} - Reg Error: Key error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7D3FDFDA-1716-38E5-3621-3A71C2799795} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: svchost.exe =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLastUserName = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Reg Error: Key error.)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (Reg Error: Key error.)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{F1EC2354-B61F-47F5-89B8-88C8D9B460A9}\\NameServer = 192.168.1.254,192.168.2.254
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\winosz32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\iexplore.exe: Debugger - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\*.tmp files]
[9 C:\WINDOWS\System32\*.tmp files]
[2009/03/14 08:19:37 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/14 08:15:15 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/12 12:33:45 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Justin\Desktop\OTListIt2.exe
[2009/03/12 12:21:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Malwarebytes
[2009/03/12 12:21:00 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/12 12:20:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/12 12:20:56 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/12 12:20:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/12 12:20:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/11 10:49:34 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/11 09:58:28 | 00,001,517 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/11 09:58:27 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/11 09:58:25 | 00,107,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/11 09:58:17 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/11 09:58:16 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/11 09:57:30 | 34,058,980 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/11 09:57:30 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/11 09:57:30 | 00,037,735 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/11 09:57:22 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/11 09:57:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/03/11 09:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/10 21:32:17 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.lnk
[2009/03/10 21:32:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/10 17:44:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/10 16:51:43 | 00,000,943 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Spybot - Search & Destroy.lnk
[2009/03/10 16:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/10 13:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Uniblue
[2009/03/10 12:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\ErrorRepairTool
[2009/03/10 11:32:18 | 01,753,088 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExGrid.dll
[2009/03/10 11:32:17 | 00,614,400 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExButton.dll
[2009/03/10 11:32:17 | 00,602,112 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExMenu.dll
[2009/03/10 11:32:17 | 00,516,096 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExTab.dll
[2009/03/10 11:32:17 | 00,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2009/03/10 11:32:17 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\System32\eSellerateEngine.dll
[2009/03/10 11:32:17 | 00,307,200 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExPMenu.dll
[2009/03/10 11:32:17 | 00,118,784 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\System32\eWebControl.dll
[2009/03/10 11:32:13 | 00,000,000 | ---D | C] -- C:\Program Files\AnswersThatWork
[2009/03/09 01:33:22 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\ePSXe.lnk
[2009/03/07 01:13:45 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2009/03/07 01:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2009/03/05 00:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Max Payne Savegames
[2009/03/03 09:56:51 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/02 01:13:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Justin\My Documents\My Videos
[2009/03/02 01:00:08 | 02,328,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2009/02/28 16:14:45 | 00,106,186 | ---- | C] () -- C:\Documents and Settings\Justin\My Documents\My Games.gmc
[2009/02/28 14:53:19 | 00,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Movie Collector.lnk
[2009/02/28 14:53:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Movie Collector
[2009/02/28 14:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\Collectorz.com
[2009/02/28 14:34:45 | 00,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Collector.lnk
[2009/02/28 14:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Game Collector
[2009/02/28 14:34:36 | 00,000,000 | ---D | C] -- C:\Program Files\Collectorz.com
[2009/02/28 13:35:23 | 00,003,120 | ---- | C] () -- C:\WINDOWS\System32\5d626963-17b5-4739-8e58-17690d08ca1e.dll
[2009/02/28 13:35:23 | 00,003,120 | ---- | C] () -- C:\WINDOWS\c579bc41-bc8c-4832-b2df-01393a4f020f.ocx
[2009/02/28 13:32:22 | 00,000,089 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\trialbvsdvdorg.lic
[2009/02/28 13:32:22 | 00,000,089 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\sectrialbvsdvdorg.lic
[2009/02/25 16:41:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Bitstream
[2009/02/25 14:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Corel User Files
[2009/02/25 14:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2009/02/25 14:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/02/25 14:31:45 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/02/22 15:43:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/02/20 22:33:24 | 00,000,914 | ---- | C] () -- C:\Documents and Settings\Justin\My Documents\My Sharing Folders.lnk
[2009/02/16 23:04:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/02/16 23:04:16 | 00,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2009/02/16 23:04:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/02/13 14:37:29 | 00,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[2009/02/13 14:27:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\GTA San Andreas User Files
[2009/02/12 21:16:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\WININIT.INI

========== Files - Modified Within 30 Days ==========

[3 C:\*.tmp files]
[9 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/14 15:45:53 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{238319EA-3ECB-4AB7-AC41-6A125D5B7365}.job
[2009/03/14 12:47:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/14 10:00:25 | 34,058,980 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/14 08:29:07 | 00,000,787 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\AtomicAlarmClock.ini
[2009/03/14 08:28:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/14 08:25:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/14 08:25:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/13 08:28:46 | 00,037,735 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/13 01:13:52 | 00,060,416 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 20:51:26 | 00,004,184 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/03/12 20:46:00 | 00,001,517 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Notepad.lnk
[2009/03/12 12:33:48 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justin\Desktop\OTListIt2.exe
[2009/03/12 12:21:00 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/11 09:58:28 | 00,001,517 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/11 09:58:27 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/11 09:58:26 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/11 09:58:18 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/11 09:58:16 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/11 09:57:30 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/11 09:57:30 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/11 09:26:25 | 00,106,186 | ---- | M] () -- C:\Documents and Settings\Justin\My Documents\My Games.gmc
[2009/03/11 00:48:01 | 00,000,555 | -HS- | M] () -- C:\boot.ini
[2009/03/10 21:32:17 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.lnk
[2009/03/10 17:05:29 | 00,000,943 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Spybot - Search & Destroy.lnk
[2009/03/09 01:33:22 | 00,000,560 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\ePSXe.lnk
[2009/03/08 18:58:56 | 00,411,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 18:58:56 | 00,068,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 18:58:56 | 00,003,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 18:50:27 | 04,783,326 | -H-- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\IconCache.db
[2009/03/08 04:15:37 | 00,000,392 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/03/06 12:21:09 | 00,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/05 03:24:11 | 00,001,518 | ---- | M] () -- C:\ff8input.cfg
[2009/03/02 02:37:39 | 00,000,061 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/03/02 01:00:08 | 02,328,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2009/02/28 14:53:19 | 00,000,930 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Movie Collector.lnk
[2009/02/28 14:34:45 | 00,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Collector.lnk
[2009/02/28 13:35:23 | 00,003,120 | ---- | M] () -- C:\WINDOWS\System32\5d626963-17b5-4739-8e58-17690d08ca1e.dll
[2009/02/28 13:35:23 | 00,003,120 | ---- | M] () -- C:\WINDOWS\c579bc41-bc8c-4832-b2df-01393a4f020f.ocx
[2009/02/28 13:32:22 | 00,000,089 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\trialbvsdvdorg.lic
[2009/02/28 13:32:22 | 00,000,089 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\sectrialbvsdvdorg.lic
[2009/02/25 16:44:17 | 00,051,448 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/25 11:53:27 | 00,000,914 | ---- | M] () -- C:\Documents and Settings\Justin\My Documents\My Sharing Folders.lnk
[2009/02/25 05:37:16 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/02/20 17:15:23 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Windows Media Player.lnk
[2009/02/18 23:17:47 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Justin\My Documents\desktop.ini
[2009/02/13 14:37:29 | 00,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[2009/02/13 12:22:38 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\alarms.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 366 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
< End of report >

#18
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
STEP ONE
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#19
CarbonTiger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
ComboFix 09-03-13.02 - Justin 2009-03-15 9:04:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.207 [GMT -5:00]
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 09:02 . 2009-03-15 09:02 <DIR> d-------- C:\32788R22FWJFW
2009-03-14 08:19 . 2009-03-14 08:19 <DIR> d-------- C:\_OTListIt
2009-03-14 08:15 . 2009-03-14 08:16 <DIR> d-------- C:\Rooter$
2009-03-12 12:21 . 2009-03-12 12:21 <DIR> d-------- c:\documents and settings\Justin\Application Data\Malwarebytes
2009-03-12 12:20 . 2009-03-12 12:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-12 12:20 . 2009-03-12 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 12:20 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 12:20 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 09:58 . 2009-03-11 09:58 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-11 09:58 . 2009-03-11 09:58 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-11 09:58 . 2009-03-11 09:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-11 09:57 . 2009-03-14 10:00 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-11 09:56 . 2009-03-14 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-10 21:32 . 2009-03-10 21:32 <DIR> d-------- c:\program files\Trend Micro
2009-03-10 17:44 . 2009-03-10 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-10 16:50 . 2009-03-15 09:00 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-10 13:17 . 2009-03-10 13:17 <DIR> d-------- c:\documents and settings\Justin\Application Data\Uniblue
2009-03-10 12:50 . 2009-03-10 12:52 <DIR> d-------- c:\documents and settings\Justin\Application Data\ErrorRepairTool
2009-03-10 11:32 . 2009-03-10 11:32 <DIR> d-------- c:\program files\AnswersThatWork
2009-03-10 11:32 . 2007-06-08 13:53 1,753,088 --a------ c:\windows\system32\ExGrid.dll
2009-03-10 11:32 . 2007-04-03 16:51 614,400 --a------ c:\windows\system32\ExButton.dll
2009-03-10 11:32 . 2007-06-05 10:20 602,112 --a------ c:\windows\system32\ExMenu.dll
2009-03-10 11:32 . 2007-06-05 10:19 516,096 --a------ c:\windows\system32\ExTab.dll
2009-03-10 11:32 . 1998-04-24 00:00 368,912 --a------ c:\windows\system32\vbar332.dll
2009-03-10 11:32 . 2005-10-11 14:40 356,352 --a------ c:\windows\system32\eSellerateEngine.dll
2009-03-10 11:32 . 2007-04-03 16:51 307,200 --a------ c:\windows\system32\ExPMenu.dll
2009-03-10 11:32 . 2005-10-04 08:11 118,784 --a------ c:\windows\system32\eWebControl.dll
2009-03-07 01:13 . 2009-03-07 01:13 <DIR> d-------- c:\program files\AC3Filter
2009-03-07 01:13 . 2008-07-09 03:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-03-03 09:56 . 2009-03-03 09:56 <DIR> d-------- c:\program files\AVG
2009-03-02 01:20 . 2009-03-02 01:20 <DIR> d--hs---- c:\documents and settings\Justin\IECompatCache
2009-03-02 01:00 . 2009-03-02 01:00 2,328,832 --a------ c:\windows\system32\TUKernel.exe
2009-02-28 14:34 . 2009-02-28 14:53 <DIR> d-------- c:\program files\Collectorz.com
2009-02-28 13:35 . 2009-02-28 13:35 3,120 --a------ c:\windows\system32\5d626963-17b5-4739-8e58-17690d08ca1e.dll
2009-02-28 13:35 . 2009-02-28 13:35 3,120 --a------ c:\windows\c579bc41-bc8c-4832-b2df-01393a4f020f.ocx
2009-02-25 16:41 . 2009-02-25 16:41 <DIR> d-------- c:\documents and settings\Justin\Application Data\Bitstream
2009-02-25 14:37 . 2009-02-25 14:37 <DIR> d-------- c:\program files\Common Files\Protexis
2009-02-25 14:37 . 2009-02-25 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-02-25 14:31 . 2009-02-25 14:31 <DIR> d-------- c:\program files\Corel
2009-02-22 15:43 . 2009-02-25 11:37 <DIR> d-------- c:\windows\system32\Adobe
2009-02-20 18:56 . 2009-02-20 18:56 91 ---hs---- c:\documents and settings\Desktop.ini
2009-02-16 23:04 . 2009-02-27 22:37 <DIR> d-------- c:\program files\Rosetta Stone
2009-02-16 23:04 . 2009-02-16 23:04 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-16 23:04 . 2009-02-27 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 14:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-13 20:07 --------- d-----w c:\documents and settings\Justin\Application Data\uTorrent
2009-03-13 01:51 4,184 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-11 01:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-11 01:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-06 17:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 19:39 --------- d-----w c:\documents and settings\Justin\Application Data\Corel
2009-02-25 19:10 --------- d-----w c:\program files\Common Files\Adobe
2009-02-25 17:28 --------- d-----w c:\program files\Perfect Uninstaller
2009-02-19 04:21 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-08 23:14 --------- d-----w c:\program files\MP3 Player Utilities 3.68
2009-02-08 20:39 --------- d-----w c:\documents and settings\Justin\Application Data\LimeWire
2009-02-08 05:28 --------- d-----w c:\program files\Common Files\Bcgsoft
2009-02-07 20:47 --------- d-----w c:\documents and settings\Justin\Application Data\Hide IP NG
2009-02-05 06:37 4,608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-05 06:37 2,272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-03 19:20 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-02-01 07:26 --------- d-----w c:\program files\uTorrent
2009-01-29 22:30 --------- d-----w c:\documents and settings\Justin\Application Data\TuxPaint
2009-01-25 16:41 --------- d-----w c:\program files\Common Files\INCA Shared
2009-01-25 03:23 --------- d-----w c:\program files\Zone Labs
2009-01-23 22:12 --------- d-----w c:\program files\Atomic Alarm Clock
2009-01-23 21:45 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-23 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-23 18:25 --------- d-----w c:\program files\AutoMouseCliker
2009-01-20 04:25 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-01-20 04:23 --------- d-----w c:\program files\Common Files\Ahead
2009-01-20 04:20 --------- d-----w c:\program files\Nero
2009-01-20 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-18 18:28 --------- d-----w c:\documents and settings\Justin\Application Data\WarZone
2009-01-18 07:01 88 --sh--r c:\documents and settings\All Users\Application Data\ACFB8A4B37.sys
2009-01-16 17:55 --------- d-----w c:\documents and settings\Justin\Application Data\U3
2009-01-15 08:17 636,264 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-01-15 08:17 392,040 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 08:13 5,888,512 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 08:12 10,963,968 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-01-15 08:06 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-01-15 08:06 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-01-15 08:06 1,182,720 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-01-15 08:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 08:05 911,872 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-01-15 08:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 08:05 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 08:05 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-01-15 08:05 109,056 ----a-w c:\windows\system32\dllcache\occache.dll
2009-01-15 08:04 755,200 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-01-15 08:04 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 08:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 08:04 18,944 ------w c:\windows\system32\dllcache\corpol.dll
2009-01-15 08:02 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-01-15 08:02 593,920 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 08:02 1,975,296 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-01-15 08:01 66,560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 08:01 59,904 ----a-w c:\windows\system32\dllcache\icardie.dll
2009-01-15 08:01 54,272 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 08:01 46,592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 08:01 348,160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 08:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 08:01 34,304 ----a-w c:\windows\system32\dllcache\imgutil.dll
2009-01-15 08:01 216,064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 08:01 183,808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-01-15 08:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 08:00 48,128 ----a-w c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 08:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 08:00 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2009-01-15 07:53 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 07:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-15 07:50 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-01-15 07:35 445,440 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-01-11 05:00 79,360 ------w c:\windows\system32\dllcache\iecompat.dll
2009-01-06 17:31 82,266 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_01_06_11_09_06_small.dmp.zip
2009-01-06 17:08 83,729 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_01_06_11_05_00_small.dmp.zip
2009-01-04 03:12 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-04 03:12 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-01 00:22 89,777,067 ----a-w c:\windows\system32\xa158985125.exe
2009-01-01 00:22 89,777,067 ----a-w c:\windows\system32\xa158957375.exe
2009-01-01 00:22 89,777,067 ----a-w c:\windows\system32\xa158946500.exe
2009-01-01 00:22 89,777,067 ----a-w c:\windows\system32\xa158930578.exe
2007-08-23 06:08 139 ---ha-w c:\program files\Desktop.ini
2007-07-01 10:37 96,978 ----a-w c:\program files\VirtumundoBeGone.exe
2007-03-17 04:46 1,595 -c--a-w c:\documents and settings\Justin\Application Data\SAS7_000.DAT
2006-11-06 00:54 1,523 ----a-w c:\program files\backup.reg
2006-05-11 07:57 88 --sha-r c:\windows\system32\406206B8B0.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-15_ 2.01.37.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-12-05 06:54:55 144,896 ------w c:\windows\system32\dllcache\schannel.dll
- 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 23:34:42 10,838,016 ----a-w c:\windows\system32\dllcache\wmp.dll
- 2009-03-06 17:21:09 197,752 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-15 08:16:07 197,752 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 17:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 23:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-24 527360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-11 09:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^StripSaver2.lnk]
backup=c:\windows\pss\StripSaver2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
backup=c:\windows\pss\VirtuaGirl2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2009-01-10 14:59 4608 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-11-01 20:48 1392640 c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 01:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 c:\program files\Common Files\AOL\1147137094\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-01-13 11:47 163840 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-01-13 11:46 135168 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-01-13 11:47 131072 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 11:59 124520 c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2003-09-29 17:00 155648 c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 c:\program files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-09-09 23:19 393216 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147137094\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147137094\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14998:TCP"= 14998:TCP:BitComet 14998 TCP
"14998:UDP"= 14998:UDP:BitComet 14998 UDP
"7045:TCP"= 7045:TCP:BitComet 7045 TCP
"7045:UDP"= 7045:UDP:BitComet 7045 UDP
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14735:TCP"= 14735:TCP:BitComet 14735 TCP
"14735:UDP"= 14735:UDP:BitComet 14735 UDP
"18700:TCP"= 18700:TCP:*:Disabled:SolidNetworkManager
"18700:UDP"= 18700:UDP:*:Disabled:SolidNetworkManager
"63380:TCP"= 63380:TCP:*:Disabled:SolidNetworkManager
"63380:UDP"= 63380:UDP:*:Disabled:SolidNetworkManager
"15132:TCP"= 15132:TCP:*:Disabled:SolidNetworkManager
"15132:UDP"= 15132:UDP:*:Disabled:SolidNetworkManager

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-11 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-11 107912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [2007-08-05 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [2007-08-05 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [2007-08-05 6336]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-03 603904]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-12-30 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S4 Aspl2cn;Aspl2cn; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 15:36]

2009-03-15 c:\windows\Tasks\User_Feed_Synchronization-{238319EA-3ECB-4AB7-AC41-6A125D5B7365}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{24401945-F72F-3460-B74E-12FF3616160B} - (no file)
BHO-{7D3FDFDA-1716-38E5-3621-3A71C2799795} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:[email protected]
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: {F1EC2354-B61F-47F5-89B8-88C8D9B460A9} = 192.168.1.254,192.168.2.254
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\dnarzlwh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 09:10:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-15 9:15:44
ComboFix-quarantined-files.txt 2009-03-15 14:15:02
ComboFix2.txt 2009-03-15 07:04:38

Pre-Run: 4,352,729,088 bytes free
Post-Run: 4,320,800,768 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
335 --- E O F --- 2009-03-15 08:07:46
  • 0

#20
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
STEP ONE
The first thing I see here is that you have two anti-virus programs installed. I highly recommend that you remove one. Running two anti-virus programs will cause tremendous performance loss. You have McAfee and AVG. Please choose one to remove. If your subscription to McAfee has run out, I would suggest removing it and keeping AVG.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

McAfee or AVG

STEP TWO
1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\xa158930578.exe
c:\windows\system32\xa158946500.exe
c:\windows\system32\xa158957375.exe
c:\windows\system32\xa158985125.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

STEP THREE
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0
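Checking that ComboFix actually removed what the CFScript asked for is otherwise done by eye against the log. This is an added example (Python, not ComboFix's own code and not from the original thread): it parses the `File::` list from STEP TWO, confirms the log echoed it back under `FILE ::`, and reports which requested files appear under 'Other Deletions'. The sample log is constructed to mirror the layout posted in this thread.

```python
"""Cross-check a ComboFix CFScript against the log of the run that used it.

Added example (not ComboFix's code, not from the original thread): parse the
CFScript 'File::' list, confirm the log echoed it under 'FILE ::' (so the
script was picked up), and report which requested files appear under
'Other Deletions'. The sample log is constructed to mirror the layout posted
in this thread, with one file deliberately left undeleted.
"""
import re

# The CFScript exactly as given in STEP TWO (paths taken from the thread).
CFSCRIPT = r"""File::
c:\windows\system32\xa158930578.exe
c:\windows\system32\xa158946500.exe
c:\windows\system32\xa158957375.exe
c:\windows\system32\xa158985125.exe
"""

# Constructed sample log: three of the four files deleted, one not.
SAMPLE_LOG = r"""ComboFix 09-03-13.02 - Justin 2009-03-16 13:48:52.3 - NTFSx86

FILE ::
c:\windows\system32\xa158930578.exe
c:\windows\system32\xa158946500.exe
c:\windows\system32\xa158957375.exe
c:\windows\system32\xa158985125.exe
.

((((((((((((((((((( Other Deletions )))))))))))))))))))
.

c:\windows\system32\xa158930578.exe
c:\windows\system32\xa158946500.exe
c:\windows\system32\xa158957375.exe

.
"""


def parse_cfscript(text):
    """Map each CFScript directive ('File', 'Folder', ...) to its paths."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z]+)::", line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.lower())
    return sections


def log_section(log_text, title):
    """Non-empty lines of the ComboFix section whose '((((' banner contains
    `title`, up to the next banner; '.' spacer lines are dropped."""
    out, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("(((("):
            if inside:
                break
            inside = title in line
        elif inside and line and line != ".":
            out.append(line.lower())
    return out


def echoed_file_list(log_text):
    """Paths ComboFix echoed under 'FILE ::' in the log header; an empty
    list means the run never saw the CFScript."""
    out, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.upper() == "FILE ::":
            inside = True
        elif inside:
            if not line or line == ".":
                if out:
                    break
            else:
                out.append(line.lower())
    return out


def check_deletions(cfscript_text, log_text):
    """Report whether the script was applied and which requested files
    were (or were not) listed under 'Other Deletions'."""
    requested = parse_cfscript(cfscript_text).get("file", [])
    deleted = set(log_section(log_text, "Other Deletions"))
    return {
        "script_applied": bool(requested) and echoed_file_list(log_text) == requested,
        "deleted": [p for p in requested if p in deleted],
        "missing": [p for p in requested if p not in deleted],
    }


if __name__ == "__main__":
    report = check_deletions(CFSCRIPT, SAMPLE_LOG)
    print("CFScript picked up by ComboFix:", report["script_applied"])
    for path in report["deleted"]:
        print("deleted:", path)
    for path in report["missing"]:
        print("NOT deleted, still needs attention:", path)
```

A file that shows up under "missing" is one the helper would need to chase with another tool, since ComboFix did not report deleting it.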

#21
CarbonTiger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
If it says McAfee is on my PC then there is something very fishy there. I hate McAfee and never used it. One of the first things I did when I got this laptop was remove McAfee. Also it isn't under my program manager anywhere. I like to use Perfect Uninstaller, but it doesn't show up under the Windows Add/Remove Programs either. I'll get on the other stuff right now though.
  • 0

#22
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
To remove McAfee, see the following:

Download the McAfee Removal Tool

Double-click MCPR.exe to run the removal tool and follow the on-screen instructions.

Once it's finished, restart your computer after receiving the message CleanUp Successful.
  • 0

#23
CarbonTiger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
ComboFix 09-03-13.02 - Justin 2009-03-16 13:48:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.100 [GMT -5:00]
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Justin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: *disabled*

FILE ::
c:\windows\system32\xa158930578.exe
c:\windows\system32\xa158946500.exe
c:\windows\system32\xa158957375.exe
c:\windows\system32\xa158985125.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\xa158930578.exe
c:\windows\system32\xa158946500.exe
c:\windows\system32\xa158957375.exe
c:\windows\system32\xa158985125.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.

2009-03-14 08:19 . 2009-03-14 08:19 <DIR> d-------- C:\_OTListIt
2009-03-14 08:15 . 2009-03-14 08:16 <DIR> d-------- C:\Rooter$
2009-03-12 12:21 . 2009-03-12 12:21 <DIR> d-------- c:\documents and settings\Justin\Application Data\Malwarebytes
2009-03-12 12:20 . 2009-03-12 12:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-12 12:20 . 2009-03-12 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 12:20 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 12:20 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 09:58 . 2009-03-11 09:58 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-11 09:58 . 2009-03-11 09:58 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-11 09:58 . 2009-03-11 09:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-11 09:57 . 2009-03-14 10:00 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-11 09:56 . 2009-03-14 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-10 21:32 . 2009-03-10 21:32 <DIR> d-------- c:\program files\Trend Micro
2009-03-10 17:44 . 2009-03-10 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-10 16:50 . 2009-03-15 09:00 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-10 13:17 . 2009-03-10 13:17 <DIR> d-------- c:\documents and settings\Justin\Application Data\Uniblue
2009-03-10 12:50 . 2009-03-10 12:52 <DIR> d-------- c:\documents and settings\Justin\Application Data\ErrorRepairTool
2009-03-10 11:32 . 2009-03-10 11:32 <DIR> d-------- c:\program files\AnswersThatWork
2009-03-10 11:32 . 2007-06-08 13:53 1,753,088 --a------ c:\windows\system32\ExGrid.dll
2009-03-10 11:32 . 2007-04-03 16:51 614,400 --a------ c:\windows\system32\ExButton.dll
2009-03-10 11:32 . 2007-06-05 10:20 602,112 --a------ c:\windows\system32\ExMenu.dll
2009-03-10 11:32 . 2007-06-05 10:19 516,096 --a------ c:\windows\system32\ExTab.dll
2009-03-10 11:32 . 1998-04-24 00:00 368,912 --a------ c:\windows\system32\vbar332.dll
2009-03-10 11:32 . 2005-10-11 14:40 356,352 --a------ c:\windows\system32\eSellerateEngine.dll
2009-03-10 11:32 . 2007-04-03 16:51 307,200 --a------ c:\windows\system32\ExPMenu.dll
2009-03-10 11:32 . 2005-10-04 08:11 118,784 --a------ c:\windows\system32\eWebControl.dll
2009-03-07 01:13 . 2009-03-07 01:13 <DIR> d-------- c:\program files\AC3Filter
2009-03-07 01:13 . 2008-07-09 03:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-03-03 09:56 . 2009-03-03 09:56 <DIR> d-------- c:\program files\AVG
2009-03-02 01:20 . 2009-03-02 01:20 <DIR> d--hs---- c:\documents and settings\Justin\IECompatCache
2009-03-02 01:00 . 2009-03-02 01:00 2,328,832 --a------ c:\windows\system32\TUKernel.exe
2009-02-28 14:34 . 2009-02-28 14:53 <DIR> d-------- c:\program files\Collectorz.com
2009-02-28 13:35 . 2009-02-28 13:35 3,120 --a------ c:\windows\system32\5d626963-17b5-4739-8e58-17690d08ca1e.dll
2009-02-28 13:35 . 2009-02-28 13:35 3,120 --a------ c:\windows\c579bc41-bc8c-4832-b2df-01393a4f020f.ocx
2009-02-25 16:41 . 2009-02-25 16:41 <DIR> d-------- c:\documents and settings\Justin\Application Data\Bitstream
2009-02-25 14:37 . 2009-02-25 14:37 <DIR> d-------- c:\program files\Common Files\Protexis
2009-02-25 14:37 . 2009-02-25 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-02-25 14:31 . 2009-02-25 14:31 <DIR> d-------- c:\program files\Corel
2009-02-22 15:43 . 2009-02-25 11:37 <DIR> d-------- c:\windows\system32\Adobe
2009-02-20 18:56 . 2009-02-20 18:56 91 ---hs---- c:\documents and settings\Desktop.ini
2009-02-16 23:04 . 2009-02-27 22:37 <DIR> d-------- c:\program files\Rosetta Stone
2009-02-16 23:04 . 2009-02-16 23:04 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-16 23:04 . 2009-02-27 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 14:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-13 20:07 --------- d-----w c:\documents and settings\Justin\Application Data\uTorrent
2009-03-13 01:51 4,184 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-11 01:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-11 01:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-06 17:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 19:39 --------- d-----w c:\documents and settings\Justin\Application Data\Corel
2009-02-25 19:10 --------- d-----w c:\program files\Common Files\Adobe
2009-02-25 17:28 --------- d-----w c:\program files\Perfect Uninstaller
2009-02-19 04:21 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-08 23:14 --------- d-----w c:\program files\MP3 Player Utilities 3.68
2009-02-08 20:39 --------- d-----w c:\documents and settings\Justin\Application Data\LimeWire
2009-02-08 05:28 --------- d-----w c:\program files\Common Files\Bcgsoft
2009-02-07 20:47 --------- d-----w c:\documents and settings\Justin\Application Data\Hide IP NG
2009-02-05 06:37 4,608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-05 06:37 2,272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-03 19:20 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-02-01 07:26 --------- d-----w c:\program files\uTorrent
2009-01-29 22:30 --------- d-----w c:\documents and settings\Justin\Application Data\TuxPaint
2009-01-25 16:41 --------- d-----w c:\program files\Common Files\INCA Shared
2009-01-25 03:23 --------- d-----w c:\program files\Zone Labs
2009-01-23 22:12 --------- d-----w c:\program files\Atomic Alarm Clock
2009-01-23 21:45 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-23 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-23 18:25 --------- d-----w c:\program files\AutoMouseCliker
2009-01-20 04:25 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-01-20 04:23 --------- d-----w c:\program files\Common Files\Ahead
2009-01-20 04:20 --------- d-----w c:\program files\Nero
2009-01-20 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-18 18:28 --------- d-----w c:\documents and settings\Justin\Application Data\WarZone
2009-01-18 07:01 88 --sh--r c:\documents and settings\All Users\Application Data\ACFB8A4B37.sys
2009-01-16 17:55 --------- d-----w c:\documents and settings\Justin\Application Data\U3
2009-01-15 08:17 636,264 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-01-15 08:17 392,040 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 08:13 5,888,512 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 08:12 10,963,968 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-01-15 08:06 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-01-15 08:06 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-01-15 08:06 1,182,720 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-01-15 08:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 08:05 911,872 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-01-15 08:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 08:05 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 08:05 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-01-15 08:05 109,056 ----a-w c:\windows\system32\dllcache\occache.dll
2009-01-15 08:04 755,200 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-01-15 08:04 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 08:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 08:04 18,944 ------w c:\windows\system32\dllcache\corpol.dll
2009-01-15 08:02 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-01-15 08:02 593,920 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 08:02 1,975,296 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-01-15 08:01 66,560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 08:01 59,904 ----a-w c:\windows\system32\dllcache\icardie.dll
2009-01-15 08:01 54,272 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 08:01 46,592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 08:01 348,160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 08:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 08:01 34,304 ----a-w c:\windows\system32\dllcache\imgutil.dll
2009-01-15 08:01 216,064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 08:01 183,808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-01-15 08:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 08:00 48,128 ----a-w c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 08:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 08:00 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2009-01-15 07:53 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 07:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-15 07:50 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-01-15 07:35 445,440 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-01-11 05:00 79,360 ------w c:\windows\system32\dllcache\iecompat.dll
2009-01-06 17:31 82,266 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_01_06_11_09_06_small.dmp.zip
2009-01-06 17:08 83,729 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_01_06_11_05_00_small.dmp.zip
2009-01-04 03:12 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-04 03:12 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2007-08-23 06:08 139 ---ha-w c:\program files\Desktop.ini
2007-07-01 10:37 96,978 ----a-w c:\program files\VirtumundoBeGone.exe
2007-03-17 04:46 1,595 -c--a-w c:\documents and settings\Justin\Application Data\SAS7_000.DAT
2006-11-06 00:54 1,523 ----a-w c:\program files\backup.reg
2006-05-11 07:57 88 --sha-r c:\windows\system32\406206B8B0.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-15_ 2.01.37.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-12-05 06:54:55 144,896 ------w c:\windows\system32\dllcache\schannel.dll
- 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 23:34:42 10,838,016 ----a-w c:\windows\system32\dllcache\wmp.dll
- 2009-03-06 17:21:09 197,752 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-15 08:16:07 197,752 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 17:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 23:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-24 527360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-11 09:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^StripSaver2.lnk]
backup=c:\windows\pss\StripSaver2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
backup=c:\windows\pss\VirtuaGirl2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2009-01-10 14:59 4608 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-11-01 20:48 1392640 c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 01:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 c:\program files\Common Files\AOL\1147137094\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-01-13 11:47 163840 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-01-13 11:46 135168 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-01-13 11:47 131072 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 11:59 124520 c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2003-09-29 17:00 155648 c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 c:\program files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-09-09 23:19 393216 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147137094\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147137094\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14998:TCP"= 14998:TCP:BitComet 14998 TCP
"14998:UDP"= 14998:UDP:BitComet 14998 UDP
"7045:TCP"= 7045:TCP:BitComet 7045 TCP
"7045:UDP"= 7045:UDP:BitComet 7045 UDP
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14735:TCP"= 14735:TCP:BitComet 14735 TCP
"14735:UDP"= 14735:UDP:BitComet 14735 UDP
"18700:TCP"= 18700:TCP:*:Disabled:SolidNetworkManager
"18700:UDP"= 18700:UDP:*:Disabled:SolidNetworkManager
"63380:TCP"= 63380:TCP:*:Disabled:SolidNetworkManager
"63380:UDP"= 63380:UDP:*:Disabled:SolidNetworkManager
"15132:TCP"= 15132:TCP:*:Disabled:SolidNetworkManager
"15132:UDP"= 15132:UDP:*:Disabled:SolidNetworkManager

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-11 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-11 107912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [2007-08-05 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [2007-08-05 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [2007-08-05 6336]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-03 603904]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-12-30 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S4 Aspl2cn;Aspl2cn; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 15:36]

2009-03-16 c:\windows\Tasks\User_Feed_Synchronization-{238319EA-3ECB-4AB7-AC41-6A125D5B7365}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:[email protected]
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: {F1EC2354-B61F-47F5-89B8-88C8D9B460A9} = 192.168.1.254,192.168.2.254
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\dnarzlwh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 14:02:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-16 14:08:04
ComboFix-quarantined-files.txt 2009-03-16 19:07:24
ComboFix2.txt 2009-03-15 14:15:51
ComboFix3.txt 2009-03-15 07:04:38

Pre-Run: 4,346,540,032 bytes free
Post-Run: 4,180,963,328 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
350 --- E O F --- 2009-03-15 08:07:46
------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------

Scan
----
Scanned: 771064
Detected: 0
Untreated: 0
Start time: 3/16/2009 2:47:23 PM
Duration: 13:12:46
Finish time: 3/17/2009 4:00:09 AM


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Custom
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search Yes
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----

#24
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
Were you able to run that McAfee Removal Tool?

#25
CarbonTiger

    Member

  • Topic Starter
  • Member
  • 20 posts
Oh, I'm sorry, yes it ran and was successful. Did I say I hate McAfee yet? :)


#26
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
Yes :)

Alright, everything looks good. Let's get one more scan with Malwarebytes and then we can clean up.

STEP ONE
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#27
CarbonTiger

    Member

  • Topic Starter
  • Member
  • 20 posts
Malwarebytes' Anti-Malware 1.34
Database version: 1841
Windows 5.1.2600 Service Pack 3

3/19/2009 12:49:32 AM
mbam-log-2009-03-19 (00-49-32).txt

Scan type: Quick Scan
Objects scanned: 74865
Time elapsed: 13 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
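The MBAM log above is read by eye in this thread: seven "... Infected: N" summary lines, then one detail section per category, each either "(No malicious items detected)" or a list of object, family and action. When you have to triage many such logs, a small parser beats scrolling. The following is an added example, not code from the thread or from Malwarebytes; it is modelled on the layout of the log posted above, and both sample logs inside it are constructed, with placeholder paths and family names. It also picks out two things a helper checks before saying "everything looks good": entries marked "Delete on reboot" (the reason the instructions say to restart when asked) and summary counts that do not match the detail lines (a sign the paste was cut short or edited).

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example, not code from the thread or from Malwarebytes. The parser is
modelled on the log layout posted above (summary "<category> Infected: N"
lines, then one detail section per category). Both sample logs below are
constructed for this example; the paths and family names are placeholders.
"""
import re

# Summary line, e.g. "Files Infected: 2"
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# Detail line, e.g. "C:\x.exe (Trojan.Sample) -> Quarantined and deleted successfully."
DETAIL_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return {'objects_scanned', 'counts': {cat: n}, 'details': {cat: [entries]}}."""
    report = {"objects_scanned": None, "counts": {}, "details": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current detail section
            continue
        if line.startswith("Objects scanned:"):
            report["objects_scanned"] = int(line.split(":", 1)[1])
            continue
        m = COUNT_RE.match(line)
        if m:
            report["counts"][m.group("category")] = int(m.group("n"))
            continue
        if line.endswith(" Infected:"):
            current = line[:-1]  # "Files Infected:" -> "Files Infected"
            report["details"].setdefault(current, [])
            continue
        if current is not None and line != NO_ITEMS:
            d = DETAIL_RE.match(line)
            if d:
                report["details"][current].append(
                    {"object": d.group("obj"), "family": d.group("family"),
                     "action": d.group("action")})
    return report


def is_clean(report):
    """True only if every summary count is zero and no detail line was parsed."""
    return (all(n == 0 for n in report["counts"].values())
            and not any(report["details"].values()))


def pending_reboot(report):
    """Objects MBAM deferred to the next boot (the reason to restart when asked)."""
    return [e["object"] for items in report["details"].values() for e in items
            if e["action"].lower().startswith("delete on reboot")]


def count_mismatches(report):
    """Categories whose summary count disagrees with the detail lines."""
    return [c for c, n in report["counts"].items()
            if n != len(report["details"].get(c, []))]


# Constructed sample: what a log with findings looks like (placeholder names).
SAMPLE_INFECTED_LOG = r"""Malwarebytes' Anti-Malware 1.34
Objects scanned: 74865

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SampleRogue (Rogue.Sample) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\User\Local Settings\Temp\sample-dropper.exe (Trojan.Sample) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sample-unwanted.dll (Trojan.Sample) -> Delete on reboot.
"""

# Constructed sample in the shape of the clean log posted above (all zeros).
SAMPLE_CLEAN_LOG = """Objects scanned: 74865

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Files Infected:
(No malicious items detected)
"""
```

Run `parse_mbam_log()` on the pasted text, then `is_clean()`; if it returns False, `pending_reboot()` tells you whether a restart is still outstanding before the log can be trusted. The regexes are deliberately anchored to the 1.x layout shown in this thread; later Malwarebytes versions changed the log format and would need their own patterns.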

#28
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
Great, everything looks good. Unless you are having other problems, let's clean up.


STEP ONE
  • First, go to the Start menu and click Run
  • In the Run box, type "ComboFix /u" - note the space there.
  • Then click Ok or hit enter.
  • This will remove ComboFix from your machine.

STEP TWO
  • Please download OTCleanIt to your desktop.
  • Double-click OTCleanIt.exe to run it. (Vista users, please right click on OTCleanIt.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


And lastly, just some information for you. The following is a list of articles and tools that I like to recommend to people before they head out.
First, and most importantly is to keep your PC up-to-date with the latest patches from Microsoft. Make sure that you have auto updates turned on also. You will be informed if it is turned on or off when you visit the website below.
Next, I'd like to discuss malware prevention with you. As I said, the first step is to keep Windows up-to-date, but that isn't always enough. You also have to be aware of the sites you visit. Questionable and illegal sites almost always try to infect your machine. Even if you have anti-virus and a firewall, you can still get infected from these sites. It's best to just avoid them altogether.

Also, when surfing the web, be careful of popups and do NOT click on a popup. If you get a popup for anti-virus or anti-spyware software, NEVER download it and NEVER buy it, it is nothing more than just more spyware. Also, these are a couple of great programs to help prevent malware infections. Instead of being reactive they are proactive.
While discussing browsing habits, I like to recommend to everyone to use an alternate web browser called Mozilla Firefox. My personal feeling is that Internet Explorer just doesn't fit the bill when it comes to security. I have been using Firefox for several years now and have never had issues with it.
Another avenue for malware in recent years has been Peer-To-Peer (P2P) applications; programs like Kazaa, Limewire, and even BitTorrent programs can spread malware. You have to be very wary of what you download from these applications, as a lot of the time they are infected also. Here is a very good article from Microsoft about the dangers of P2P.
Now, every now and again the Windows operating system just gets slow and needs to be cleaned up. The following is an article by Miekiemoes that gives very good information on how to speed up your PC when it's not malware related.
Also, I would just like to thank you for coming by Geeks-To-Go and I'm glad we could lend you a hand. :)