
CONHOST.EXE

  • 29-08-2011 10:22am
    #1
    Registered Users, Registered Users 2 Posts: 20


    Can anybody help here, I am getting a threat warning from my AVG package that conhost.exe has been detected, however if I try to quarantine it, it says the file cannot be found, I have tried showing hidden files etc, searched files and folders but cannot locate the file conhost.exe in order to remove it, also for some reason my p.c. keeps failing to restore to previous good state when I try... Any help here would be great, have tried running Spybot S&D and it doesn't detect it nor does my AVG Scan...

    AVG Shield Alert says the following:

    File Name :C:\WINDOWS\Temo\conhost.exe (not there when I look here)
    Threat name: Trojan horse Agent_r.AOB



Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    that's a nasty one

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 wrote: »
    Please copy (Edit->Select All, Edit->Copy) the contents of these files here

    I have the exact same problem, I'm a bit confused at this last line?
    Thanks a million for your help!


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    OTL will give you two logs (notepad files), just copy the content here (highlight them, press ctrl+v, and paste it here)


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    Hopefully, this will work - I've been trying since 12pm today and my head is about to explode. I'll let u know how I get on!! Thanks again!


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 wrote: »
    OTL will give you two logs (notepad files), just copy the content here (highlight them, press ctrl+v, and paste it here)
    Do I paste it in at the end or start of the log files and do I save the file or just exit them?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Copy the information from OTL's main.txt here


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 wrote: »
    Copy the information from OTL's main.txt here
    Sorry - I've been acting the dumb fu*k
    OTL logfile created on: 29/08/2011 18:56:26 - Run 2
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    509.98 Mb Total Physical Memory | 55.61 Mb Available Physical Memory | 10.90% Memory free
    1.22 Gb Paging File | 0.63 Gb Available in Paging File | 51.52% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 1.16 Gb Free Space | 3.11% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: DAVE-09C24CC709 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/29 18:37:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2011/08/12 22:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/04/04 10:57:19 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/01/25 10:13:02 | 002,312,048 | ---- | M] (Support.com) -- C:\Program Files\ARO 2011\ARO.exe
    PRC - [2010/03/11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010/03/11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2011/01/19 12:21:38 | 000,021,360 | ---- | M] () -- C:\Program Files\ARO 2011\soref.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/29 18:51:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKsl397da69f.sys -- (MpKsl397da69f)
    DRV - [2011/08/29 18:02:30 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKsl2b4133b1.sys -- (MpKsl2b4133b1)
    DRV - [2011/08/29 17:08:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKslafc23ed4.sys -- (MpKslafc23ed4)
    DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/10/05 11:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://eu.ask.com?o=15161&l=dis"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
    FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/29 14:26:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/29 14:27:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 14:41:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/21 07:45:14 | 000,000,000 | ---D | M]

    [2010/08/18 14:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011/02/25 21:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\extensions
    [2011/02/25 21:14:58 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\extensions\toolbar@ask.com
    [2011/02/25 21:14:53 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\searchplugins\askcom.xml
    [2011/08/29 16:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
    [2010/08/18 10:56:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\SEARCH SETTINGS\FF
    [2010/03/11 01:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
    [2010/03/11 01:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    [2010/03/11 01:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
    [2010/03/11 01:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    [2010/03/11 01:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
    [2010/03/11 01:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    [2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/08/29 16:05:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
    O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282060180904 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282128009750 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/17 15:31:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/29 18:37:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/08/29 16:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2011/08/29 16:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SUPERAntiSpyware
    [2011/08/29 16:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/08/29 16:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/08/29 16:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/08/29 15:51:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/08/29 15:42:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/29 15:42:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/29 15:42:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/29 15:42:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/29 15:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/08/29 15:42:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/29 15:42:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2011/08/29 15:42:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2011/08/29 15:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
    [2011/08/29 15:18:58 | 004,189,094 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/08/29 15:04:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/08/29 14:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2011/08/29 14:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/08/29 14:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2011/08/29 14:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/29 12:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/08/29 09:44:54 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/08/29 09:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/08/29 09:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/08/29 09:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/08/29 09:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/08/29 08:56:39 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_2011_1390_cnet.exe
    [2011/08/28 21:28:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/08/28 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/08/28 21:27:47 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/28 21:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/28 21:26:55 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/28 20:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/08/28 20:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/08/28 20:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/08/28 20:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
    [2011/08/28 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
    [2011/08/28 18:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/29 19:05:50 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/08/29 18:58:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/29 18:57:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/08/29 18:50:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/29 18:37:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/08/29 18:27:24 | 130,427,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/29 16:17:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/08/29 16:05:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/08/29 15:52:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/08/29 15:31:34 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Check PC For Errors.lnk
    [2011/08/29 15:31:34 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/08/29 15:19:10 | 004,189,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/08/29 14:43:40 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3468F77D-243C-457A-9957-FC275BE69C69}.job
    [2011/08/29 13:25:36 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/08/29 09:31:11 | 130,381,365 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
    [2011/08/29 09:10:57 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/29 08:56:54 | 005,570,000 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_2011_1390_cnet.exe
    [2011/08/28 21:28:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/28 21:27:27 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/28 18:41:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/23 19:55:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/08/22 14:29:30 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/11 18:15:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/06 16:40:39 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Picture 1514.lnk
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/29 18:27:24 | 130,427,338 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/29 16:17:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/08/29 15:52:04 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/08/29 15:51:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/08/29 15:42:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/29 15:42:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/29 15:42:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/29 15:42:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/29 15:42:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/29 15:31:34 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Check PC For Errors.lnk
    [2011/08/29 15:31:34 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/08/29 09:31:11 | 130,381,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
    [2011/08/29 09:10:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/28 21:28:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/28 18:41:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/28 07:42:50 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/08/06 16:40:39 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Picture 1514.lnk
    [2010/08/19 15:45:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
    [2010/08/19 15:42:59 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/18 14:41:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/08/18 11:35:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/08/17 16:22:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/17 16:21:38 | 000,129,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/17 15:34:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/17 15:28:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/03/03 01:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2010/03/03 01:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
    [2010/03/03 01:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/03/03 01:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2010/03/03 01:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2010/03/03 01:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2010/03/03 01:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2010/03/03 01:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2010/03/03 01:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2010/03/03 01:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2010/03/03 01:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2010/03/03 01:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2010/03/03 01:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2010/03/03 01:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2010/03/03 01:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2010/03/03 01:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2010/03/03 01:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/11/14 19:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2009/11/14 19:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2009/11/14 19:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2009/11/14 19:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2009/11/14 19:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2009/11/14 19:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2009/11/14 19:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2009/11/14 19:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2009/11/14 19:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2009/11/14 19:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2009/11/14 19:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2009/11/14 19:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2009/11/14 19:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2009/08/11 22:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/07 17:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 11:00:00 | 000,311,912 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 11:00:00 | 000,040,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/08/29 14:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2011/03/06 08:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2011/08/28 20:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
    [2011/07/29 17:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
    [2011/08/29 19:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2011/08/29 14:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/08/29 17:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/03/06 08:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/08/28 20:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/08/29 14:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/08/29 18:57:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/08/29 19:05:50 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2011/08/29 14:43:40 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3468F77D-243C-457A-9957-FC275BE69C69}.job

    ========== Purity Check ==========


    < End of report >


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    also, only one text file published - there was no extras.txt :confused:
    actually, disregard the file above and I'll try to run it again
    thanks


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    looks like you have run combofix, can you post this log

    C:\combofix.txt


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    also do this

    open OTL, click the None button at the top, and paste this in the custom scan/fixes box



    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    clearallrestorepoints
    %systemroot%\*. /mp /s
    C:\*.*



    click run scan, post the log


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 wrote: »
    looks like you have run combofix, can you post this log

    C:\combofix.txt
    ComboFix 11-08-29.01 - Administrator 29/08/2011 15:53:30.1.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.510.336 [GMT 1:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Dealio
    c:\documents and settings\Administrator\Application Data\Dealio\res\widgets.xml
    c:\documents and settings\Administrator\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
    c:\program files\Dealio Toolbar
    c:\program files\Dealio Toolbar\FF\chrome.manifest
    c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
    c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
    c:\program files\Dealio Toolbar\FF\chrome\content\login.js
    c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
    c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
    c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
    c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
    c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
    c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
    c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
    c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
    c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
    c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
    c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
    c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
    c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
    c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
    c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
    c:\program files\Dealio Toolbar\FF\install.rdf
    c:\program files\Dealio Toolbar\IE\4.5\config.ini
    c:\program files\Dealio Toolbar\IE\4.5\dealioToolbarIE.dll
    c:\program files\Dealio Toolbar\Res\amazon.gif
    c:\program files\Dealio Toolbar\Res\apple.gif
    c:\program files\Dealio Toolbar\Res\barnes.gif
    c:\program files\Dealio Toolbar\Res\bestbuy.gif
    c:\program files\Dealio Toolbar\Res\dealio_logo.gif
    c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
    c:\program files\Dealio Toolbar\Res\ebay.gif
    c:\program files\Dealio Toolbar\Res\icon_settings.gif
    c:\program files\Dealio Toolbar\Res\macys.gif
    c:\program files\Dealio Toolbar\Res\newegg.gif
    c:\program files\Dealio Toolbar\Res\overstock.gif
    c:\program files\Dealio Toolbar\Res\search-button-hover.gif
    c:\program files\Dealio Toolbar\Res\search-button.gif
    c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
    c:\program files\Dealio Toolbar\Res\search-chevron.gif
    c:\program files\Dealio Toolbar\Res\search_amazon.gif
    c:\program files\Dealio Toolbar\Res\search_dealio.gif
    c:\program files\Dealio Toolbar\Res\search_ebay.gif
    c:\program files\Dealio Toolbar\Res\search_yahoo.gif
    c:\program files\Dealio Toolbar\Res\target.gif
    c:\program files\Dealio Toolbar\Res\walmart.gif
    c:\program files\Dealio Toolbar\Res\widgets.xml
    c:\program files\Dealio Toolbar\WidgiHelper.exe
    c:\program files\Mozilla Firefox\extensions\dealio@mybrowserbar.com
    c:\program files\Search Settings
    c:\windows\$xntuninstall643$
    c:\windows\$xntuninstall643$\zrpt.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-29 14:41 . 2011-08-29 14:41 d-----w- c:\windows\system32\MpEngineStore
    2011-08-29 13:27 . 2011-08-29 13:27 d-----w- c:\documents and settings\Administrator\Application Data\AVG10
    2011-08-29 13:26 . 2011-08-29 13:26 d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-08-29 13:17 . 2011-08-29 13:17 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKsl90641ac6.sys
    2011-08-29 09:57 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\mpengine.dll
    2011-08-29 08:44 . 2011-08-29 08:44 d-----w- C:\$AVG
    2011-08-29 08:11 . 2011-08-29 13:27 d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2011-08-29 08:05 . 2011-08-29 14:25 d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-08-29 08:05 . 2011-08-29 08:34 d-----w- c:\windows\system32\drivers\AVG
    2011-08-29 08:04 . 2011-08-29 08:04 d-----w- c:\program files\AVG
    2011-08-28 20:28 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-28 20:27 . 2011-08-28 20:27 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-28 20:27 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-28 20:27 . 2011-08-29 13:26 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-28 19:41 . 2011-08-28 19:41 d-----w- c:\windows\system32\wbem\Repository
    2011-08-28 19:31 . 2011-08-28 19:31 d-----w- c:\documents and settings\All Users\Application Data\Common Files
    2011-08-28 19:27 . 2011-08-29 13:26 d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-08-28 19:06 . 2011-08-28 19:06 d-----w- c:\documents and settings\Administrator\Application Data\Sammsoft
    2011-08-28 19:06 . 2011-08-29 14:28 d-----w- c:\program files\ARO 2011
    2011-08-28 17:35 . 2011-08-28 17:35 d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-08-23 18:55 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-08-11 17:01 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 17:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-12 02:44 . 2010-08-19 14:21 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2010-08-17 14:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2010-03-11 00:01 . 2010-03-11 00:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-03-11 00:40 . 2010-03-11 00:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-03-11 00:02 . 2010-03-11 00:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2010-03-11 00:01 . 2010-03-11 00:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-03-11 00:01 . 2010-03-11 00:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-03-11 00:00 . 2010-03-11 00:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-03-11 00:01 . 2010-03-11 00:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-03-11 00:01 . 2010-03-11 00:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-10-05 13:49 . 2009-10-05 13:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-03-11 00:02 . 2010-03-11 00:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    .
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2011-07-26 09:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-04 399736]
    "AROReminder"="c:\program files\ARO 2011\aro.exe" [2011-01-25 2312048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 16:03 32592]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [05/04/2011 00:59 297168]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 248656]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [05/10/2009 11:08 65584]
    S1 MpKsl06599518;MpKsl06599518;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2F0566B-8686-4782-8205-CEA63AA62C92}\MpKsl06599518.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2F0566B-8686-4782-8205-CEA63AA62C92}\MpKsl06599518.sys [?]
    S1 MpKsl12ed4c98;MpKsl12ed4c98;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10DFDB8C-FA5D-4CE2-8A32-908AAAAE1616}\MpKsl12ed4c98.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10DFDB8C-FA5D-4CE2-8A32-908AAAAE1616}\MpKsl12ed4c98.sys [?]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [24/06/2011 17:30 393112]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/08/2011 21:28 366640]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [29/08/2011 09:11 1025352]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 21:28 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 27216]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/08/2011 21:27 22712]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-29 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    2011-08-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
    .
    2011-08-29 c:\windows\Tasks\User_Feed_Synchronization-{3468F77D-243C-457A-9957-FC275BE69C69}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ie/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-29 16:05
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD400BB-75JHC0 rev.06.01C06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8230B31B
    user & kernel MBR OK
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-823518204-651377827-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,96,93,af,e1,4b,77,4a,9f,fc,d7,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,17,ea,a3,3d,3d,16,49,92,d6,4b,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,17,ea,a3,3d,3d,16,49,92,d6,4b,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2F2ED127-9180-E0E9-DD82A3EA97D23C2D}\{BC7AD397-E62C-4E1A-5A858785C5B4F8B7}\{1CB4FE78-537A-1AF0-DBD366375A0DFAF2}*]
    "6JTK1G3VHNYPX3ZPM5IBXQUPOA1"=hex:01,00,01,00,00,00,00,00,d1,91,3d,c6,9d,81,07,
    35,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{484F515E-F5F4-CAE2-00797FFBC1B1DB0A}\{B5BB857C-6143-5E3C-4B14653578135B7A}\{14E971F7-0C0F-F2F4-35B0BAA5D2098273}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,88,e9,ee,
    36,a4,cb,4c,8d,3e,b0,6e,9d,1a,5e,dc,c3,92,1d,69,6a,ff,51,ad,fb,db,70,ef,c1,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6283EF60-5306-646F-3E2A60A6F3147012}\{EC258BE5-E5B0-C834-EB7A48F96467BF3F}\{829C9D27-3E4A-4D61-8C18630CF0B6A85C}*]
    "6JTK1G3VHNYPX3ZPM5IBXQUPOA1"=hex:01,00,01,00,00,00,00,00,d1,91,3d,c6,9d,81,07,
    35,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DCB42C02-2C7E-50EC-E2B5A792F7765BFB}\{38286259-1A12-EDE0-84E2CD6A1D76E8F7}\{2C2658AF-F73E-73C6-89D45D0D6FCCCFF2}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,88,e9,ee,
    36,a4,cb,4c,8d,3e,b0,6e,9d,1a,5e,dc,c3,92,1d,69,6a,ff,51,ad,fb,db,70,ef,c1,\
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'winlogon.exe'(632)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(692)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-08-29 16:11:48
    ComboFix-quarantined-files.txt 2011-08-29 15:11
    .
    Pre-Run: 685,686,784 bytes free
    Post-Run: 1,519,489,024 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 82A872F87A19E486C3465A8554815836


    thanks


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    fruitbats wrote: »
    also, only one text file published - there was no extras.txt
    actually disregard the file above and I'll try run it again
    thanks
    here's the extras.txt too, thanks
    OTL Extras logfile created on: 29/08/2011 18:37:48 - Run 1
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    509.98 Mb Total Physical Memory | 332.45 Mb Available Physical Memory | 65.19% Memory free
    1.22 Gb Paging File | 1.05 Gb Available in Paging File | 86.19% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 1.16 Gb Free Space | 3.13% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: DAVE-09C24CC709 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
    "{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
    "{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{888019C0-54D4-40C2-9274-27B9DAB17017}" = Intel(R) Network Connections 14.0.40.0
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BF44976C-9F29-4C54-AA5F-97DD9D929434}" = Minitab 15 English
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA64E459-FBF3-4A9C-A3E8-FD0240C4E611}" = Dealio Toolbar v4.5
    "{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ARO 2011_is1" = ARO 2011
    "AVG" = AVG 2011
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "uTorrent" = µTorrent
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 28/08/2011 14:53:10 | Computer Name = DAVE-09C24CC709 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 28/08/2011 15:30:49 | Computer Name = DAVE-09C24CC709 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 28/08/2011 16:13:15 | Computer Name = DAVE-09C24CC709 | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 28/08/2011 16:14:25 | Computer Name = DAVE-09C24CC709 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
    0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 29/08/2011 03:38:32 | Computer Name = DAVE-09C24CC709 | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 29/08/2011 07:56:23 | Computer Name = DAVE-09C24CC709 | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 29/08/2011 08:34:18 | Computer Name = DAVE-09C24CC709 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 29/08/2011 09:50:28 | Computer Name = DAVE-09C24CC709 | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 29/08/2011 10:10:04 | Computer Name = DAVE-09C24CC709 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 29/08/2011 10:29:17 | Computer Name = DAVE-09C24CC709 | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\1dd4f3f.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    [ System Events ]
    Error - 29/08/2011 13:07:24 | Computer Name = DAVE-09C24CC709 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 29/08/2011 13:07:24 | Computer Name = DAVE-09C24CC709 | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 29/08/2011 13:08:35 | Computer Name = DAVE-09C24CC709 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
    Service service to connect.

    Error - 29/08/2011 13:08:35 | Computer Name = DAVE-09C24CC709 | Source = Service Control Manager | ID = 7000
    Description = The Application Layer Gateway Service service failed to start due
    to the following error: %%1053

    Error - 29/08/2011 13:15:37 | Computer Name = DAVE-09C24CC709 | Source = DCOM | ID = 10010
    Description = The server {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106} did not register
    with DCOM within the required timeout.

    Error - 29/08/2011 13:22:13 | Computer Name = DAVE-09C24CC709 | Source = DCOM | ID = 10010
    Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
    with DCOM within the required timeout.

    Error - 29/08/2011 13:27:47 | Computer Name = DAVE-09C24CC709 | Source = DCOM | ID = 10010
    Description = The server {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106} did not register
    with DCOM within the required timeout.

    Error - 29/08/2011 13:35:07 | Computer Name = DAVE-09C24CC709 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 29/08/2011 13:35:36 | Computer Name = DAVE-09C24CC709 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Avgldx86 Avgmfx86 ctxusbm Fips intelppm MpFilter SASDIFSV SASKUTIL

    Error - 29/08/2011 13:39:52 | Computer Name = DAVE-09C24CC709 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


    < End of report >
    Edit->Select All, Edit->Copy


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 wrote: »
    also do this

    open OTL, click the None button at the top, paste this in the custom scan/fixes box

    OTL logfile created on: 29/08/2011 21:25:48 - Run 2
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    509.98 Mb Total Physical Memory | 79.11 Mb Available Physical Memory | 15.51% Memory free
    1.22 Gb Paging File | 0.41 Gb Available in Paging File | 33.87% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 1.19 Gb Free Space | 3.19% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: DAVE-09C24CC709 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/29 18:37:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2011/08/12 22:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/04/04 10:57:19 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/03/11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010/03/11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/29 19:02:14 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2011/08/29 16:17:30 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2011/08/29 16:17:30 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2011/08/29 16:17:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/07/26 10:15:58 | 002,532,680 | ---- | M] () -- C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/29 18:51:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKsl397da69f.sys -- (MpKsl397da69f)
    DRV - [2011/08/29 18:02:30 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKsl2b4133b1.sys -- (MpKsl2b4133b1)
    DRV - [2011/08/29 17:08:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKslafc23ed4.sys -- (MpKslafc23ed4)
    DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/10/05 11:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://eu.ask.com?o=15161&l=dis"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
    FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/29 14:26:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/29 14:27:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 14:41:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/21 07:45:14 | 000,000,000 | ---D | M]

    [2010/08/18 14:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011/02/25 21:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\extensions
    [2011/02/25 21:14:58 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\extensions\toolbar@ask.com
    [2011/02/25 21:14:53 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\searchplugins\askcom.xml
    [2011/08/29 16:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
    [2010/08/18 10:56:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\SEARCH SETTINGS\FF
    [2010/03/11 01:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
    [2010/03/11 01:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    [2010/03/11 01:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
    [2010/03/11 01:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    [2010/03/11 01:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
    [2010/03/11 01:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    [2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/08/29 16:05:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
    O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282060180904 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282128009750 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/17 15:31:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CLEARALLRESTOREPOINTS
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/29 21:27:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/08/29 18:37:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/08/29 16:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2011/08/29 16:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SUPERAntiSpyware
    [2011/08/29 16:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/08/29 16:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/08/29 16:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/08/29 15:51:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/08/29 15:42:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/29 15:42:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/29 15:42:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/29 15:42:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/29 15:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/08/29 15:42:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/29 15:42:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2011/08/29 15:42:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2011/08/29 15:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
    [2011/08/29 15:18:58 | 004,189,094 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/08/29 15:12:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
    [2011/08/29 15:04:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/08/29 14:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2011/08/29 14:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/08/29 14:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2011/08/29 14:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/29 12:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/08/29 09:44:54 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/08/29 09:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/08/29 09:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/08/29 09:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/08/29 09:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/08/29 08:56:39 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_2011_1390_cnet.exe
    [2011/08/28 21:28:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/08/28 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/08/28 21:27:47 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/28 21:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/28 21:26:55 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/28 20:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/08/28 20:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/08/28 20:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/08/28 20:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
    [2011/08/28 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
    [2011/08/28 18:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/08/11 18:01:25 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2011/08/11 18:00:28 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/29 21:33:52 | 000,904,086 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avg.bmp
    [2011/08/29 21:29:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011/08/29 21:10:59 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3468F77D-243C-457A-9957-FC275BE69C69}.job
    [2011/08/29 21:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/08/29 18:58:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/29 18:57:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/08/29 18:50:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/29 18:37:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/08/29 18:27:24 | 130,427,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/29 16:17:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/08/29 16:05:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/08/29 15:52:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/08/29 15:31:34 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Check PC For Errors.lnk
    [2011/08/29 15:31:34 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/08/29 15:19:10 | 004,189,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/08/29 15:12:30 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
    [2011/08/29 13:25:36 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/08/29 09:31:11 | 130,381,365 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
    [2011/08/29 09:10:57 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/29 08:56:54 | 005,570,000 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_2011_1390_cnet.exe
    [2011/08/28 21:28:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/28 21:27:27 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/28 18:41:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/23 19:55:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/08/22 14:29:30 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/11 18:15:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/06 16:40:39 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Picture 1514.lnk
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/29 21:29:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2011/08/29 18:27:24 | 130,427,338 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/29 16:17:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/08/29 15:52:04 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/08/29 15:51:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/08/29 15:42:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/29 15:42:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/29 15:42:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/29 15:42:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/29 15:42:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/29 15:31:34 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Check PC For Errors.lnk
    [2011/08/29 15:31:34 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/08/29 09:31:11 | 130,381,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
    [2011/08/29 09:10:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/28 21:28:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/28 18:41:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/28 07:42:50 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/08/06 16:40:39 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Picture 1514.lnk
    [2010/08/19 15:45:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
    [2010/08/19 15:42:59 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/18 14:41:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/08/18 11:35:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/08/17 16:22:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/17 16:21:38 | 000,129,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/17 15:34:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/17 15:28:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/03/03 01:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2010/03/03 01:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
    [2010/03/03 01:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/03/03 01:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2010/03/03 01:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2010/03/03 01:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2010/03/03 01:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2010/03/03 01:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2010/03/03 01:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2010/03/03 01:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2010/03/03 01:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2010/03/03 01:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2010/03/03 01:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2010/03/03 01:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2010/03/03 01:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2010/03/03 01:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2010/03/03 01:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/11/14 19:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2009/11/14 19:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2009/11/14 19:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2009/11/14 19:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2009/11/14 19:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2009/11/14 19:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2009/11/14 19:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2009/11/14 19:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2009/11/14 19:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2009/11/14 19:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2009/11/14 19:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2009/11/14 19:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2009/11/14 19:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2009/08/11 22:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/07 17:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 11:00:00 | 000,311,912 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 11:00:00 | 000,040,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/08/29 14:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2011/03/06 08:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2011/08/28 20:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
    [2011/07/29 17:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
    [2011/08/29 21:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2011/08/29 14:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/08/29 17:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/03/06 08:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/08/28 20:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/08/29 14:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/08/29 18:57:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/08/29 21:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2011/08/29 21:10:59 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3468F77D-243C-457A-9957-FC275BE69C69}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2010/08/17 15:31:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/08/29 13:25:36 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/08/29 15:52:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/08/29 16:11:50 | 000,022,620 | ---- | M] () -- C:\ComboFix.txt
    [2010/08/17 15:31:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/17 15:31:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/17 15:31:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/08/18 10:13:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/29 18:50:43 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/29 21:29:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

    < >
    < End of report >


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    clearallrestorepoints
    %systemroot%\*. /mp /s
    C:\*.*



    click run scan, post the log

    thanks


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    this is what AVG looks like at the moment:(!!!
    I also meant to say "the Wife is going to tear me a new one when she sees this!!"


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    can you update malwarebytes anti-malware, run a quick scan, post that log here


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 wrote: »
    also do this

    open OTL click the None button at the top, paste this in the custom scan/fixes box



    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    clearallrestorepoints
    %systemroot%\*. /mp /s
    C:\*.*



    click run scan, post the log

    this is the log file from the custom scan
    OTL logfile created on: 29/08/2011 21:44:11 - Run 3
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    509.98 Mb Total Physical Memory | 139.73 Mb Available Physical Memory | 27.40% Memory free
    1.22 Gb Paging File | 0.43 Gb Available in Paging File | 34.94% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 3.07 Gb Free Space | 8.24% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: DAVE-09C24CC709 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/29 18:37:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2011/08/12 22:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/04/04 10:57:19 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/03/11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010/03/11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/29 19:02:14 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2011/08/29 16:17:30 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2011/08/29 16:17:30 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2011/08/29 16:17:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/07/26 10:15:58 | 002,532,680 | ---- | M] () -- C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2009/11/14 19:11:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
    MOD - [2009/01/10 23:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/29 18:51:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKsl397da69f.sys -- (MpKsl397da69f)
    DRV - [2011/08/29 18:02:30 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKsl2b4133b1.sys -- (MpKsl2b4133b1)
    DRV - [2011/08/29 17:08:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE79059-28F1-4EAB-ABE2-BC86DD7E2304}\MpKslafc23ed4.sys -- (MpKslafc23ed4)
    DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/10/05 11:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://eu.ask.com?o=15161&l=dis"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
    FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/29 14:26:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/29 14:27:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 14:41:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/21 07:45:14 | 000,000,000 | ---D | M]

    [2010/08/18 14:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011/02/25 21:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\extensions
    [2011/02/25 21:14:58 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\extensions\toolbar@ask.com
    [2011/02/25 21:14:53 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkriaeej.default\searchplugins\askcom.xml
    [2011/08/29 16:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
    [2010/08/18 10:56:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\SEARCH SETTINGS\FF
    [2010/03/11 01:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
    [2010/03/11 01:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    [2010/03/11 01:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
    [2010/03/11 01:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    [2010/03/11 01:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
    [2010/03/11 01:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    [2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/08/29 16:05:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
    O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282060180904 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282128009750 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/17 15:31:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CLEARALLRESTOREPOINTS
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/29 21:27:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/08/29 18:37:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/08/29 16:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2011/08/29 16:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SUPERAntiSpyware
    [2011/08/29 16:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/08/29 16:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/08/29 16:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/08/29 15:51:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/08/29 15:42:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/29 15:42:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/29 15:42:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/29 15:42:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/29 15:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/08/29 15:42:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/29 15:42:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2011/08/29 15:42:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2011/08/29 15:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
    [2011/08/29 15:18:58 | 004,189,094 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/08/29 15:12:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
    [2011/08/29 15:04:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/08/29 14:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2011/08/29 14:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/08/29 14:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2011/08/29 14:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/29 12:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/08/29 09:44:54 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/08/29 09:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/08/29 09:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/08/29 09:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/08/29 09:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/08/29 08:56:39 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_2011_1390_cnet.exe
    [2011/08/28 21:28:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/08/28 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/08/28 21:27:47 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/28 21:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/28 21:26:55 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/28 20:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/08/28 20:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/08/28 20:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/08/28 20:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
    [2011/08/28 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
    [2011/08/28 18:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/08/11 18:01:25 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2011/08/11 18:00:28 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/29 21:46:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011/08/29 21:33:52 | 000,904,086 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avg.bmp
    [2011/08/29 21:10:59 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3468F77D-243C-457A-9957-FC275BE69C69}.job
    [2011/08/29 21:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/08/29 18:58:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/29 18:57:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/08/29 18:50:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/29 18:37:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/08/29 18:27:24 | 130,427,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/29 16:17:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/08/29 16:05:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/08/29 15:52:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/08/29 15:31:34 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Check PC For Errors.lnk
    [2011/08/29 15:31:34 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/08/29 15:19:10 | 004,189,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/08/29 15:12:30 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
    [2011/08/29 13:25:36 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/08/29 09:31:11 | 130,381,365 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
    [2011/08/29 09:10:57 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/29 08:56:54 | 005,570,000 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_2011_1390_cnet.exe
    [2011/08/28 21:28:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/28 21:27:27 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/28 18:41:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/23 19:55:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/08/22 14:29:30 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/11 18:15:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/06 16:40:39 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Picture 1514.lnk
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/29 21:33:52 | 000,904,086 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avg.bmp
    [2011/08/29 21:29:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2011/08/29 18:27:24 | 130,427,338 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/29 16:17:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/08/29 15:52:04 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/08/29 15:51:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/08/29 15:42:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/29 15:42:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/29 15:42:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/29 15:42:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/29 15:42:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/29 15:31:34 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Check PC For Errors.lnk
    [2011/08/29 15:31:34 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/08/29 09:31:11 | 130,381,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
    [2011/08/29 09:10:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/28 21:28:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/28 18:41:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/28 07:42:50 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/08/06 16:40:39 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Picture 1514.lnk
    [2010/08/19 15:45:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
    [2010/08/19 15:42:59 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/18 14:41:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/08/18 11:35:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/08/17 16:22:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/17 16:21:38 | 000,129,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/17 15:34:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/17 15:28:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/03/03 01:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2010/03/03 01:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
    [2010/03/03 01:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/03/03 01:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2010/03/03 01:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2010/03/03 01:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2010/03/03 01:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2010/03/03 01:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2010/03/03 01:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2010/03/03 01:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2010/03/03 01:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2010/03/03 01:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2010/03/03 01:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2010/03/03 01:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2010/03/03 01:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2010/03/03 01:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2010/03/03 01:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/11/14 19:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2009/11/14 19:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2009/11/14 19:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2009/11/14 19:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2009/11/14 19:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2009/11/14 19:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2009/11/14 19:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2009/11/14 19:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2009/11/14 19:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2009/11/14 19:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2009/11/14 19:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2009/11/14 19:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2009/11/14 19:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2009/08/11 22:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/07 17:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 11:00:00 | 000,311,912 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 11:00:00 | 000,040,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== Custom Scans ==========


    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2010/08/17 15:31:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/08/29 13:25:36 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/08/29 15:52:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/08/29 16:11:50 | 000,022,620 | ---- | M] () -- C:\ComboFix.txt
    [2010/08/17 15:31:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/17 15:31:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/17 15:31:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/08/18 10:13:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/29 18:50:43 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/29 21:46:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

    < >
    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Not sure if you saw this, but can you do it if you haven't:
    can you update Malwarebytes' Anti-Malware, run a quick scan, and post that log here?


    And do this:

    Open OTL, click the None button at the top, and paste this in the custom scan/fixes box:


    c:\windows\*.
    c:\windows\system32\dllcache\rdpwd.sys /md5
    c:\windows\system32\dllcache\ndistapi.sys /md5
    c:\windows\system32\drivers\mrxsmb.sys /md5


    Click Run Scan, then post the log it gives.


  • Closed Accounts Posts: 11 zoran


    OTL logfile created on: 8/29/2011 11:18:47 PM - Run 5
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 87.80 Mb Available Physical Memory | 17.22% Memory free
    1.22 Gb Paging File | 0.40 Gb Available in Paging File | 33.11% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 76.32 Gb Total Space | 47.69 Gb Free Space | 62.49% Space Free | Partition Type: NTFS

    Computer Name: HOME-DD2F005EFC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2011/08/29 13:48:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    PRC - [2011/08/22 16:32:22 | 013,811,488 | ---- | M] (Nonoh) -- C:\Program Files\Nonoh.net\Nonoh\nonoh.exe
    PRC - [2011/08/17 18:32:50 | 013,822,248 | ---- | M] (12Voip) -- C:\Program Files\12Voip.com\12Voip\12voip.exe
    PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    PRC - [2011/04/21 16:54:38 | 003,366,800 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
    PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
    PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
    PRC - [2010/03/27 09:44:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/04/10 16:44:08 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/22 07:36:24 | 000,405,504 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe
    PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
    PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/20 00:30:48 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
    MOD - [2011/07/26 10:15:58 | 002,532,680 | ---- | M] () -- C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    MOD - [2011/04/21 16:54:42 | 000,561,184 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\sqlite3.dll
    MOD - [2011/04/21 16:54:42 | 000,267,664 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\Scan.dll
    MOD - [2011/04/21 16:54:40 | 000,596,368 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\DiskMap.dll
    MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
    MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
    MOD - [2011/04/21 16:54:40 | 000,055,184 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\NtfsData.dll
    MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2010/03/27 09:48:42 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2007/05/30 10:13:34 | 000,671,744 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.dll
    MOD - [2007/05/30 07:15:46 | 000,077,824 | ---- | M] () -- C:\Program Files\SkypeMate\VistaVolume.dll
    MOD - [2007/05/22 07:36:24 | 000,405,504 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe
    MOD - [2004/09/14 18:49:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbxPP5C.DLL
    MOD - [2004/08/13 17:14:18 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 962\dlbxcnv4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (AMService)
    SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2004/08/26 22:57:02 | 000,450,560 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
    DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
    DRV - [2010/01/01 21:20:31 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
    DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/08/11 15:26:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/11 15:30:01 | 000,000,000 | ---D | M]


    Hosts file not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [12Voip] C:\Program Files\12Voip.com\12Voip\12Voip.exe (12Voip)
    O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
    O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Nonoh] C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe (Nonoh)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Local intranet)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (dmeeoj.dll) - File not found
    O20 - AppInit_DLLs: (fouvad.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\mekomdo: DllName - C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\mekomdo.dll - File not found
    O20 - Winlogon\Notify\refalag: DllName - C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\refalag.dll - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O29 - HKLM SecurityProviders - (mprqrfts.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxXPGW) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/02 12:14:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{1f0c02b4-29d7-11df-9511-001111ea690a}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/29 23:26:21 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/29 23:09:47 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/08/29 22:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder118666
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder108192
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder93767
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108213
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108211
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder93805
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder18811
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder108179
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93843
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93835
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118682
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118677
    [2011/08/29 13:48:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    [2011/08/29 13:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Uniblue
    [2011/08/29 13:26:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
    [2011/08/29 13:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2011/08/11 16:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG
    [2011/08/11 16:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC Tuneup 2011
    [2011/08/11 15:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG10
    [2011/08/11 15:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
    [2011/08/11 15:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG 2011
    [2011/08/11 15:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
    [2011/08/11 15:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/08/11 15:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
    [2011/08/11 15:16:46 | 005,570,008 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\avg_isc_stb_all_2011_1392.exe
    [2011/08/01 20:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Ybzaed
    [2011/08/01 20:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Asedm
    [2011/01/15 14:05:32 | 011,261,896 | ---- | C] (http://www.ojosoft.com ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\total-video-converter.exe
    [2007/06/25 15:10:15 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/29 23:27:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/08/29 23:27:45 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/08/29 23:26:39 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/29 23:11:33 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011/08/29 23:07:21 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{45E90AB1-9BDD-4C55-9282-71B5175B31F3}.job
    [2011/08/29 22:59:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/29 22:39:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/08/29 22:38:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/29 22:38:49 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2011/08/29 22:38:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/29 19:38:10 | 000,660,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
    [2011/08/29 17:00:04 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2011/08/29 13:48:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    [2011/08/29 13:09:39 | 130,427,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/28 11:58:38 | 017,181,674 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\0479 - New Super Mario Bros. (EU).zip
    [2011/08/28 11:36:29 | 028,215,141 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\1704 - Mario Party DS (EU).zip
    [2011/08/28 09:14:04 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2011/08/27 21:14:59 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/08/27 17:15:18 | 000,000,568 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2011/08/24 23:38:32 | 000,131,366 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/08/12 23:10:46 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2011/08/11 16:08:32 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\AVG PC Tuneup 2011.lnk
    [2011/08/11 15:30:29 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2011.lnk
    [2011/08/11 08:20:44 | 000,463,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/11 08:20:44 | 000,080,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/11 08:11:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2011/08/03 17:36:35 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
    [2011/08/03 17:32:24 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
    [2011/08/01 09:11:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/29 23:11:33 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2011/08/29 19:38:10 | 000,660,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
    [2011/08/29 13:09:39 | 130,427,338 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/28 11:58:36 | 017,181,674 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\0479 - New Super Mario Bros. (EU).zip
    [2011/08/28 11:49:17 | 033,554,432 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\5256 FIFA 11 (DSi Enhanced) (EU)(M5).nds
    [2011/08/28 11:49:17 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\5256 FIFA 11 (DSi Enhanced) (EU)(M5).sav
    [2011/08/28 11:49:17 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\5256 FIFA 11 (DSi Enhanced) (EU)(M5).ba0
    [2011/08/28 11:35:43 | 028,215,141 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\1704 - Mario Party DS (EU).zip
    [2011/08/24 23:38:32 | 000,131,366 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/08/12 23:10:46 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2011/08/12 23:10:45 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2011/08/11 16:19:26 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/08/11 16:08:32 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\AVG PC Tuneup 2011.lnk
    [2011/08/11 15:30:29 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2011.lnk
    [2011/06/21 21:47:05 | 000,000,098 | ---- | C] () -- C:\WINDOWS\setup.ini
    [2011/06/20 08:16:39 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/04/25 12:17:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
    [2011/04/24 13:17:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hybrid Basic
    [2011/04/24 13:17:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Home
    [2011/04/24 13:17:33 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
    [2011/04/24 13:17:33 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Images
    [2011/04/24 13:14:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Horn Section
    [2011/04/24 13:14:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Helper Scripts
    [2011/04/24 13:14:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
    [2011/04/24 13:14:09 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Icons
    [2011/01/14 15:31:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/04 00:47:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
    [2009/12/30 22:04:32 | 000,000,121 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\default.rss
    [2009/11/23 14:48:50 | 000,005,184 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\N360BUOptions.ini
    [2009/09/22 22:23:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/02/19 09:42:00 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
    [2009/02/19 09:41:05 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/02/19 09:41:03 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
    [2009/01/12 01:54:22 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
    [2009/01/12 01:54:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
    [2009/01/12 01:54:21 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
    [2008/12/04 14:42:23 | 000,022,017 | -HS- | C] () -- C:\WINDOWS\System32\WGPXxyxx.ini
    [2008/12/04 14:42:23 | 000,021,965 | -HS- | C] () -- C:\WINDOWS\System32\WGPXxyxx.ini2
    [2008/12/03 20:53:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2008/12/03 20:53:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2008/12/03 20:53:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2008/12/03 20:53:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
    [2008/10/19 16:42:10 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2008/08/18 15:15:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/08/17 11:24:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/08/17 01:45:03 | 000,000,568 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2008/08/16 22:45:03 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/08/16 20:41:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/08/16 20:39:28 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/08/16 19:59:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/08/16 19:51:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/08/14 11:17:31 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
    [2008/08/14 11:17:31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
    [2008/08/14 11:17:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
    [2008/08/14 11:17:27 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
    [2008/08/14 11:17:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
    [2008/08/14 11:17:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
    [2008/08/14 11:17:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
    [2008/08/14 11:17:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
    [2008/08/14 11:17:23 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
    [2005/03/22 19:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 19:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 11:00:00 | 000,463,826 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 11:00:00 | 000,080,750 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2010/06/03 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\18290
    [2011/08/12 21:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
    [2011/08/29 08:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
    [2011/08/11 15:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
    [2010/11/03 23:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bandoo
    [2010/09/18 00:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA
    [2011/03/14 16:49:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
    [2009/11/09 17:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
    [2011/02/03 20:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
    [2011/04/24 13:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp
    [2011/01/05 00:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fighters
    [2011/04/22 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FileServe Limited
    [2011/05/28 15:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
    [2009/06/13 21:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
    [2011/08/11 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
    [2011/04/24 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nikon
    [2011/02/03 20:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
    [2011/02/03 18:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure
    [2011/08/12 16:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2011/04/24 13:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15
    [2011/04/15 23:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2008/12/06 01:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/08/29 22:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/08/29 22:51:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
    [2011/08/28 18:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\12Voip
    [2011/08/01 20:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Asedm
    [2011/08/12 08:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG
    [2011/08/11 15:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG10
    [2009/11/28 12:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG9
    [2011/05/28 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\BitTorrent
    [2008/12/06 00:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/03 18:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\DriverCure
    [2010/05/11 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\EdAlive
    [2010/03/04 01:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Facebook
    [2010/11/11 11:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Fighters
    [2010/07/10 12:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\FUJIFILM
    [2011/05/29 18:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Fytife
    [2010/07/13 23:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\ImgBurn
    [2011/06/21 20:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\IObit
    [2011/05/27 17:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Ivkyit
    [2011/05/28 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Mikyc
    [2009/01/02 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\MSNInstaller
    [2011/04/25 12:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Nikon
    [2011/08/29 13:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Nonoh
    [2011/02/03 10:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\ParetoLogic
    [2011/05/28 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Peyw
    [2011/02/18 16:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\PriceGong
    [2010/11/09 20:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\searchqutb
    [2008/12/17 01:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\s_5849_NDd8fHx8NDd8fHwxMjQyMDgxNjE0fA_
    [2011/05/28 14:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Toac
    [2011/08/29 13:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Uniblue
    [2011/06/21 21:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\uTorrent
    [2011/05/30 09:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Vefaki
    [2010/01/27 15:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\VoipZoom
    [2011/08/02 00:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Ybzaed
    [2011/08/29 22:38:49 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
    [2011/08/29 17:00:04 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2011/08/28 09:14:04 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
    [2011/08/29 23:07:21 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{45E90AB1-9BDD-4C55-9282-71B5175B31F3}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:483AC68A
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B63300D1
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BD27B7FC

    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    to Zoran

    Open OTL and paste this in the custom scan/fixes box:



    :OTL
    O20 - AppInit_DLLs: (dmeeoj.dll) - File not found
    O20 - AppInit_DLLs: (fouvad.dll) - File not found
    O20 - Winlogon\Notify\mekomdo: DllName - C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\mekomdo.dll - File not found
    O20 - Winlogon\Notify\refalag: DllName - C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\refalag.dll - File not found
    O29 - HKLM SecurityProviders - (mprqrfts.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxXPGW) - File not found
    [2011/08/01 20:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Ybzaed
    [2011/08/01 20:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Asedm
    [2008/12/04 14:42:23 | 000,022,017 | -HS- | C] () -- C:\WINDOWS\System32\WGPXxyxx.ini
    [2008/12/04 14:42:23 | 000,021,965 | -HS- | C] () -- C:\WINDOWS\System32\WGPXxyxx.ini2
    [2010/06/03 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\18290
    [2011/08/29 22:51:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
    [2011/05/28 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Peyw
    [2010/11/09 20:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\searchqutb
    [2008/12/17 01:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\s_5849_NDd8fHx8NDd8fHwxMjQyMDgxNjE0fA_
    [2011/05/28 14:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Toac
    [2011/05/30 09:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Vefaki
    [2011/08/02 00:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Ybzaed

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click run fix, post the log it gives



    also do you recognise these folders?

    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder118666
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder108192
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder93767
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108213
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108211
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder93805
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder18811
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder108179
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93843
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93835
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118682
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118677


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    I think it is game over - tried to start the PC this morning and I got:

    Windows could not start because the following file is missing or corrupt: windows\system32\config\system

    You can attempt to repair this file by starting Windows setup
    using the original setup CD-ROM.
    Select "r" at the first screen to start repair.

    I have no CD so I think it's won! :eek:


  • Registered Users, Registered Users 2 Posts: 20 sambos


    Hi ASj112/Fruitbats, I have downloaded AVAST for free, ran a scan using this antivirus and it seems to have cleared up the problem. AVAST picked up 4 infections/trojans which AVG wasn't picking up (though I have since deleted AVG so as to free up memory). One thing I notice now is that I can't change my homepage on my browser, keeps going to Imesh search engine even when I change it in internet options. I am using Firefox, any ideas?


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    fruitbats wrote: »
    I think it is game over - tried to start the PC this morning and I got:

    Windows could not start because the following file is missing or corrupt: windows\system32\config\system

    You can attempt to repair this file by starting Windows setup
    using the original setup CD-ROM.
    Select "r" at the first screen to start repair.

    I have no CD so I think it's won! :eek:


    Just got a CD from the nice man in the computer shop, so I'm trying that now


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    sambos can you do this step

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


    fruitbats, is it a Windows CD you have? We can use that to fix your problem, don't worry


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 wrote: »
    can you update malwarebytes anti-malware, run a quick scan, post that log here


    Thanks for all your help ASJ112, but it's well and truly shagged, I bring it to the shop.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    give this a shot first, it's easy and quick and fixes a lot of errors like that

    http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/


  • Closed Accounts Posts: 10 Hermiona


    Hi there!
    I have the same problem with the same virus.
    So should I post results from OTL scan too or is it worthless?
    Now I'm using the computer only in safe mode cause I don't dare start in normal
    Before that, I've scanned with AVG, Malwarebytes, Spybot and SuperAntiSpyware and it did remove some Trojans but the bastard Trojan Horse agent_r.AOB is still in my computer...:mad:
    So is there hope or my system will go haywire..? :eek:
    Thank you.


  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22




  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    post your OTL log here, and MBAM and AVG if you have them


  • Closed Accounts Posts: 10 Hermiona


    OTL logfile created on: 30.8.2011 18:16:03 - Run 1
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Sanja\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

    1013,87 Mb Total Physical Memory | 441,36 Mb Available Physical Memory | 43,53% Memory free
    2,39 Gb Paging File | 1,93 Gb Available in Paging File | 80,80% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139,04 Gb Total Space | 58,67 Gb Free Space | 42,19% Space Free | Partition Type: NTFS

    Computer Name: SINDOREA | User Name: Sanja | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011.08.29 19:49:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sanja\Desktop\OTL.exe
    PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2009.11.23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
    PRC - [2009.11.23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
    PRC - [2009.11.23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
    PRC - [2009.11.23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    PRC - [2009.07.11 01:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    PRC - [2009.07.10 12:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
    PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    PRC - [2008.11.04 12:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2008.04.18 07:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011.08.11 13:08:39 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
    MOD - [2011.08.11 13:05:27 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
    MOD - [2011.08.11 13:04:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
    MOD - [2011.08.11 12:58:26 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
    MOD - [2011.08.11 12:53:36 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
    MOD - [2011.06.17 22:02:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2009.11.23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
    SRV - [2009.11.23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009.07.10 12:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
    SRV - [2008.11.04 12:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008.04.18 07:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2011.04.25 01:18:23 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011.02.22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009.08.31 12:18:16 | 005,891,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009.08.27 15:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2009.06.22 06:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009.05.20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009.05.06 19:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2009.03.02 07:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2008.12.08 18:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2008.12.08 18:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2008.12.08 18:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008.12.02 05:52:00 | 000,058,800 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV - [2008.12.02 05:52:00 | 000,017,840 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV - [2008.12.02 05:52:00 | 000,015,280 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
    DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
    DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
    DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
    DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
    DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
    DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
    DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2007.02.16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.hr/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.26 19:34:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.25 23:26:51 | 000,000,000 | ---D | M]

    [2010.03.20 00:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sanja\Application Data\Mozilla\Extensions
    [2011.08.16 21:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\extensions
    [2011.03.06 22:10:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011.08.16 21:20:17 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Documents and Settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
    [2011.04.25 14:09:51 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\extensions\DTToolbar@toolbarnet.com
    [2011.04.05 00:31:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\extensions\engine@conduit.com
    [2011.04.25 01:15:06 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\searchplugins\daemon-search.xml
    [2011.07.04 23:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011.07.04 23:04:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010.05.12 17:18:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.05.12 17:18:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011.08.26 19:34:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010.05.12 17:18:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010.01.01 10:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010.01.01 10:00:00 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010.01.01 10:00:00 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
    [2010.10.21 00:51:34 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
    [2010.01.01 10:00:00 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

    O1 HOSTS File: ([2011.06.08 20:37:37 | 000,434,206 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 14970 more lines...
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\mehioto: DllName - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mehioto.dll - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010.01.28 17:07:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell - "" = AutoRun
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell - "" = AutoRun
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{aaa9dc7e-a238-11df-a6d2-705ab62dd432}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.08.29 19:48:59 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sanja\Desktop\OTL.exe
    [2011.08.29 13:37:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sanja\Recent
    [2011.08.16 22:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sanja\Desktop\vjenčanje
    [2011.08.02 20:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sanja\My Documents\EA Games
    [2011.07.31 21:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sanja\My Documents\mp4
    [2010.04.14 18:15:11 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe32.dll
    [2010.03.18 11:10:15 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [2010.03.18 11:10:11 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011.08.30 18:19:48 | 130,537,212 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011.08.30 18:19:45 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011.08.30 18:19:45 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011.08.30 18:18:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011.08.30 18:15:14 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011.08.30 18:14:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011.08.30 18:14:51 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
    [2011.08.29 22:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2011.08.29 19:49:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sanja\Desktop\OTL.exe
    [2011.08.29 16:27:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2011.08.29 15:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2011.08.29 14:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2011.08.29 13:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2011.08.29 09:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2011.08.28 21:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2011.08.28 18:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2011.08.28 17:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2011.08.28 16:33:49 | 000,182,272 | ---- | M] () -- C:\Program Files\wintask.exe
    [2011.08.28 02:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2011.08.28 01:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2011.08.28 00:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011.08.27 23:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2011.08.27 20:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2011.08.27 19:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2011.08.27 12:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2011.08.27 11:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2011.08.26 13:37:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011.08.11 12:44:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2011.08.09 18:21:21 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011.08.29 13:19:23 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
    [2011.07.31 22:08:08 | 003,584,867 | ---- | C] () -- C:\Documents and Settings\Sanja\My Documents\American Idol 10 Top 7 Haley Reinhart - Rolling In The Deep [ Studio Version ].mp3
    [2011.07.22 18:57:13 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2y3Hy1sh.dat
    [2011.06.17 21:53:02 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011.06.08 05:58:47 | 000,001,303 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
    [2011.06.08 05:58:47 | 000,000,119 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
    [2011.06.07 15:01:34 | 000,015,936 | -HS- | C] () -- C:\Documents and Settings\Sanja\Local Settings\Application Data\qex15n43oehns8r7
    [2011.06.07 15:01:34 | 000,015,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qex15n43oehns8r7
    [2011.04.04 00:22:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010.07.30 19:46:18 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010.07.05 00:53:46 | 000,727,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010.03.20 00:13:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010.03.18 11:10:15 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2010.03.18 11:10:15 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2010.03.18 11:10:15 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
    [2010.03.18 00:35:58 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Sanja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.01.28 21:15:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010.01.28 20:09:37 | 000,189,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
    [2010.01.28 20:09:37 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
    [2010.01.28 20:09:37 | 000,000,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
    [2010.01.28 20:09:37 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
    [2010.01.28 20:09:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
    [2010.01.28 20:08:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010.01.28 17:11:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
    [2010.01.28 17:10:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010.01.28 17:06:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010.01.28 17:05:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2010.01.28 16:46:09 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2010.01.28 16:46:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
    [2010.01.28 16:45:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2010.01.28 16:45:46 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2010.01.28 16:45:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2010.01.28 16:45:46 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2010.01.28 16:45:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2010.01.28 16:45:45 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2010.01.28 16:45:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2010.01.28 16:45:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2010.01.28 16:45:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2010.01.28 16:45:41 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2010.01.28 16:45:35 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2010.01.28 16:45:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2010.01.28 09:02:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010.01.28 09:01:49 | 002,257,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008.12.30 20:13:14 | 000,137,196 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
    [2008.08.20 16:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml

    ========== LOP Check ==========

    [2010.01.28 20:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
    [2011.03.21 00:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
    [2011.08.29 13:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010.04.14 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011.03.15 00:01:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011.06.15 22:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010.01.28 20:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EgisTec
    [2010.01.28 20:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
    [2011.06.08 18:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010.04.14 22:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
    [2010.03.17 19:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2011.06.09 03:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010.03.19 21:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
    [2011.06.08 16:31:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2011.03.21 02:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\Acoustica
    [2010.05.13 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\Ambient Design
    [2011.06.09 00:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\AVG10
    [2011.04.25 01:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\DAEMON Tools Lite
    [2011.04.05 00:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\fretsonfire
    [2011.04.05 00:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\GetRightToGo
    [2011.06.16 16:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\GZero
    [2010.08.20 16:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\IObit
    [2010.09.19 22:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\LiveCAD3
    [2010.08.12 19:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\LolClient
    [2010.06.01 12:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\OpenOffice.org
    [2011.07.15 17:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\PhotoScape
    [2011.03.21 02:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\SynthMaker
    [2010.05.12 17:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\SystemRequirementsLab
    [2011.07.23 16:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\uTorrent
    [2010.03.19 21:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\Vodafone
    [2010.05.13 15:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sanja\Application Data\WTouch
    [2011.08.28 00:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2011.08.29 09:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2011.07.22 18:38:41 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2011.08.27 11:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2011.08.27 12:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2011.08.29 13:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2011.08.29 14:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2011.08.29 15:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2011.08.29 16:27:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2011.08.28 17:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2011.08.28 18:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2011.08.28 01:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2011.08.27 19:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2011.08.27 20:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2011.08.28 21:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2011.08.29 22:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2011.08.27 23:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2011.08.28 02:27:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2011.07.22 18:38:41 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2011.07.22 18:38:41 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2011.07.22 18:38:41 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2011.07.22 18:38:41 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2011.07.22 18:38:41 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2011.07.22 18:38:41 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

    < End of report >


  • Closed Accounts Posts: 10 Hermiona


    OTL Extras logfile created on: 30.8.2011 18:16:03 - Run 1
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Sanja\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

    1013,87 Mb Total Physical Memory | 441,36 Mb Available Physical Memory | 43,53% Memory free
    2,39 Gb Paging File | 1,93 Gb Available in Paging File | 80,80% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139,04 Gb Total Space | 58,67 Gb Free Space | 42,19% Space Free | Partition Type: NTFS

    Computer Name: SINDOREA | User Name: Sanja | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
    "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "G:\League of Legends\Air\LolClient.exe" = G:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
    "G:\League of Legends\Game\League of Legends.exe" = G:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
    "C:\WoW\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = C:\WoW\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\WINDOWS\TEMP\lmlkrn\setup.exe" = C:\WINDOWS\TEMP\lmlkrn\setup.exe:*:Enabled:setup
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{235B7B98-EAC3-4953-AE2C-EABCE1CD65C9}_is1" = GBoost
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
    "{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
    "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
    "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect Lite
    "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
    "{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
    "Acer Screensaver" = Acer ScreenSaver
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
    "Acoustica Mixcraft 5" = Acoustica Mixcraft 5
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "AVG" = AVG 2011
    "CCleaner" = CCleaner
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Game Booster_is1" = Game Booster
    "GOM Player" = GOM Player
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
    "Identity Card" = Identity Card
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "LManager" = Launch Manager
    "Magic Utilities 2009_is1" = Magic Utilities 2009 Version 6.01
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 6.0 (x86 hr)" = Mozilla Firefox 6.0 (x86 hr)
    "MSNINST" = MSN
    "MzGameAccelerator_is1" = Mz Game Accelerator
    "Pen Tablet Driver" = Pen Tablet
    "PhotoScape" = PhotoScape
    "Sint Nicolaas" = Sint Nicolaas (remove only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR arhiver
    "Xbox_360_CC_Driver" = Xbox 360 Controller for Windows

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 28.8.2011 7:14:53 | Computer Name = SINDOREA | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 28.8.2011 10:37:30 | Computer Name = SINDOREA | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 28.8.2011 13:10:55 | Computer Name = SINDOREA | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 28.8.2011 15:09:38 | Computer Name = SINDOREA | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 29.8.2011 3:13:58 | Computer Name = SINDOREA | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 29.8.2011 3:25:18 | Computer Name = SINDOREA | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 29.8.2011 3:37:37 | Computer Name = SINDOREA | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 29.8.2011 7:19:49 | Computer Name = SINDOREA | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 29.8.2011 16:04:51 | Computer Name = SINDOREA | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 30.8.2011 12:15:06 | Computer Name = SINDOREA | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    [ OSession Events ]
    Error - 29.3.2010 17:03:06 | Computer Name = SINDOREA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 830
    seconds with 720 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 29.8.2011 3:33:05 | Computer Name = SINDOREA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 29.8.2011 3:34:07 | Computer Name = SINDOREA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Avgldx86 Avgmfx86 Fips intelppm mwlPSDFilter mwlPSDNServ mwlPSDVDisk SASDIFSV SASKUTIL

    Error - 29.8.2011 3:37:37 | Computer Name = SINDOREA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 29.8.2011 7:18:30 | Computer Name = SINDOREA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 29.8.2011 7:27:00 | Computer Name = SINDOREA | Source = Schedule | ID = 7901
    Description = The At14.job command failed to start due to the following error: %%2147942402

    Error - 29.8.2011 8:27:00 | Computer Name = SINDOREA | Source = Schedule | ID = 7901
    Description = The At15.job command failed to start due to the following error: %%2147942402

    Error - 29.8.2011 9:27:00 | Computer Name = SINDOREA | Source = Schedule | ID = 7901
    Description = The At16.job command failed to start due to the following error: %%2147942402

    Error - 29.8.2011 10:27:02 | Computer Name = SINDOREA | Source = Schedule | ID = 7901
    Description = The At17.job command failed to start due to the following error: %%2147942402

    Error - 29.8.2011 16:27:00 | Computer Name = SINDOREA | Source = Schedule | ID = 7901
    Description = The At23.job command failed to start due to the following error: %%2147942402

    Error - 30.8.2011 12:15:38 | Computer Name = SINDOREA | Source = DCOM | ID = 10010
    Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
    with DCOM within the required timeout.


    < End of report >


  • Closed Accounts Posts: 10 Hermiona


    AVG 2011 Anti-Virus command line scanner
    Copyright (c) 1992 - 2011 AVG Technologies
    Program version 10.0.1392, engine 10.0.1520
    Virus Database: Version 1520/3867 2011-08-30

    C:\WINDOWS\Temp\conhost.exe Trojan horse Agent_r.AOB
    C:\WINDOWS\Temp\conhost.exe (1396):\memory_008f0000 Trojan horse Agent_r.AOB
    C:\WINDOWS\Temp\conhost.exe (1396) Trojan horse Agent_r.AOB Object was moved to Virus Vault.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db Locked file. Not tested.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow Locked file. Not tested.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\Sanja\ntuser.dat Locked file. Not tested.
    C:\Documents and Settings\Sanja\ntuser.dat.LOG Locked file. Not tested.
    C:\pagefile.sys Locked file. Not tested.
    C:\System Volume Information\ Locked file. Not tested.
    C:\WINDOWS\system32\CatRoot2\edb.log Locked file. Not tested.
    C:\WINDOWS\system32\CatRoot2\tmp.edb Locked file. Not tested.
    C:\WINDOWS\system32\config\default Locked file. Not tested.
    C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SAM Locked file. Not tested.
    C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
    C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\software Locked file. Not tested.
    C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\system Locked file. Not tested.
    C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
    C:\WINDOWS\Temp\conhost.exe Trojan horse Agent_r.AOB

    Objects scanned : 1180217
    Found infections : 4
    Found PUPs : 0
    Healed infections : 3
    Healed PUPs : 0
    Warnings : 0


  • Closed Accounts Posts: 10 Hermiona


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7586

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    31.8.2011 6:24:45
    mbam-log-2011-08-31 (06-24-45).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 285728
    Time elapsed: 37 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WORT (Trojan.Vilsel) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wintask (Trojan.Agent) -> Value: wintask -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\wintask.exe (Trojan.Agent) -> Quarantined and deleted successfully.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL, paste this in the custom scan/fixes box:



    :OTL
    O20 - Winlogon\Notify\mehioto: DllName - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mehioto.dll - File not found
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell - "" = AutoRun
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell - "" = AutoRun
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{aaa9dc7e-a238-11df-a6d2-705ab62dd432}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
    [2010.04.14 18:15:11 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe32.dll
    [2011.08.28 16:33:49 | 000,182,272 | ---- | M] () -- C:\Program Files\wintask.exe
    [2011.07.22 18:57:13 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2y3Hy1sh.dat
    [2011.06.07 15:01:34 | 000,015,936 | -HS- | C] () -- C:\Documents and Settings\Sanja\Local Settings\Application Data\qex15n43oehns8r7
    [2011.06.07 15:01:34 | 000,015,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qex15n43oehns8r7

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job



    Click Run Fix, post the log it gives you when you reboot.


  • Closed Accounts Posts: 11 zoran


    I did what you told me, and the problem is still there. This is what Malwarebytes Anti-Malware is showing in a popup window: Successfully blocked access to a malicious website 83.133.127.85 Type:outgoing, and when I checked the quarantine there is: trojan.agent btmgen. Do you want me to scan with Malwarebytes Anti-Malware to show what is there? Thank you


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Zoran, update mbam, run a quick scan, and post that log here.


    Do you recognise these folders?

    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder118666
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder108192
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder93767
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108213
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108211
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder93805
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder18811
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder108179
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93843
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93835
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118682
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118677



    Also open OTL, click Quick Scan, and post that log here.


  • Closed Accounts Posts: 10 Hermiona


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mehioto\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    File F:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa9dc7e-a238-11df-a6d2-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aaa9dc7e-a238-11df-a6d2-705ab62dd432}\ not found.
    File H:\PMBP_Win.exe not found.
    C:\Documents and Settings\All Users\Application Data\hpe32.dll moved successfully.
    File C:\Program Files\wintask.exe not found.
    C:\Documents and Settings\All Users\Application Data\2y3Hy1sh.dat moved successfully.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\qex15n43oehns8r7 moved successfully.
    C:\Documents and Settings\All Users\Application Data\qex15n43oehns8r7 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 294912 bytes
    ->Temporary Internet Files folder emptied: 9624746 bytes
    ->FireFox cache emptied: 39935291 bytes
    ->Flash cache emptied: 566 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 99086434 bytes
    ->Temporary Internet Files folder emptied: 216033 bytes
    ->Flash cache emptied: 321 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 42447 bytes

    User: Sanja
    ->Temp folder emptied: 699924 bytes
    ->Temporary Internet Files folder emptied: 86622 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 90215447 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3093358 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 27648 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2515589 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 242044542 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 216301 bytes
    RecycleBin emptied: 3638 bytes

    Total Files Cleaned = 466,00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Sanja
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Sanja\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Sanja\Desktop\cmd.txt deleted successfully.
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.

    OTL by OldTimer - Version 3.2.26.6 log created on 09032011_160519

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Hermiona, copy and paste this into the custom scan/fixes box in OTL:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    clearallrestorepoints
    %systemroot%\*. /mp /s
    C:\*.*


    Click Quick Scan, post the log it gives.


  • Closed Accounts Posts: 10 Hermiona


    OTL logfile created on: 3.9.2011 16:29:55 - Run 2
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Sanja\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

    1013,87 Mb Total Physical Memory | 604,62 Mb Available Physical Memory | 59,63% Memory free
    2,39 Gb Paging File | 2,14 Gb Available in Paging File | 89,64% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139,04 Gb Total Space | 63,37 Gb Free Space | 45,57% Space Free | Partition Type: NTFS

    Computer Name: SINDOREA | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011.09.03 16:11:36 | 000,267,776 | ---- | M] (Ufasoft) -- C:\WINDOWS\Temp\conhost.exe
    PRC - [2011.09.01 18:17:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011.08.29 19:49:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sanja\Desktop\OTL.exe
    PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011.09.01 18:17:07 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011.08.15 12:31:09 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2009.11.23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
    SRV - [2009.11.23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009.07.10 12:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
    SRV - [2008.11.04 12:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008.04.18 07:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011.04.25 01:18:23 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011.02.22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009.08.31 12:18:16 | 005,891,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009.08.27 15:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2009.06.22 06:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009.05.20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009.05.06 19:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2009.03.02 07:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2008.12.08 18:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2008.12.08 18:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2008.12.08 18:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008.12.02 05:52:00 | 000,058,800 | ---- | M] (Egis Incorporated.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV - [2008.12.02 05:52:00 | 000,017,840 | ---- | M] (Egis Incorporated.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV - [2008.12.02 05:52:00 | 000,015,280 | ---- | M] (Egis Incorporated.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
    DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
    DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
    DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
    DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
    DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
    DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
    DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2007.02.16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.01 18:17:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.25 23:26:51 | 000,000,000 | ---D | M]

    [2011.06.08 18:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011.07.04 23:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011.07.04 23:04:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010.05.12 17:18:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.05.12 17:18:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010.03.25 17:50:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011.09.01 18:17:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010.05.12 17:18:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010.01.01 10:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010.01.01 10:00:00 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010.01.01 10:00:00 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
    [2010.10.21 00:51:34 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
    [2010.01.01 10:00:00 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

    O1 HOSTS File: ([2011.09.03 16:05:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
    O4 - HKCU..\RunOnce: [spchecker] C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010.01.28 17:07:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpReg: Advanced SystemCare 3 - hkey= - key= - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
    MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - File not found
    MsConfig - StartUpReg: swg - hkey= - key= - File not found

    SafeBootMin: AppMgmt - File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: mcmscsvc - Service
    SafeBootMin: MCODS - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: AppMgmt - File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: mcmscsvc - Service
    SafeBootNet: MCODS - Service
    SafeBootNet: MpfService - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CLEARALLRESTOREPOINTS
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.09.03 16:05:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011.09.03 13:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2011.08.30 20:09:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010.03.18 11:10:15 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [2010.03.18 11:10:11 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011.09.03 16:31:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011.09.03 16:27:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011.09.03 16:10:43 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011.09.03 16:10:43 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011.09.03 16:06:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011.09.03 16:03:23 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
    [2011.09.03 14:44:52 | 130,954,251 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011.09.03 14:40:32 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011.09.01 23:18:25 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mbam.lnk
    [2011.09.01 16:30:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011.08.30 20:18:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011.08.11 12:44:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2011.08.09 18:21:21 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

    ========== Files Created - No Company Name ==========

    [2011.09.03 16:31:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2011.09.03 16:03:23 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
    [2011.09.01 23:18:25 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mbam.lnk
    [2011.09.01 16:37:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011.06.17 21:53:02 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011.06.08 05:58:47 | 000,001,303 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
    [2011.06.08 05:58:47 | 000,000,119 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
    [2011.04.04 00:22:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010.07.30 19:46:18 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010.07.05 00:53:46 | 000,727,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010.03.20 00:13:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010.03.18 11:10:15 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2010.03.18 11:10:15 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2010.03.18 11:10:15 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
    [2010.01.28 21:15:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010.01.28 20:09:37 | 000,189,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
    [2010.01.28 20:09:37 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
    [2010.01.28 20:09:37 | 000,000,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
    [2010.01.28 20:09:37 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
    [2010.01.28 20:09:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
    [2010.01.28 20:08:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010.01.28 17:11:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
    [2010.01.28 17:10:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010.01.28 17:06:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010.01.28 17:05:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2010.01.28 16:46:09 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2010.01.28 16:46:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
    [2010.01.28 16:45:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2010.01.28 16:45:46 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2010.01.28 16:45:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2010.01.28 16:45:46 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2010.01.28 16:45:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2010.01.28 16:45:45 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2010.01.28 16:45:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2010.01.28 16:45:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2010.01.28 16:45:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2010.01.28 16:45:41 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2010.01.28 16:45:35 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2010.01.28 16:45:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2010.01.28 09:02:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010.01.28 09:01:49 | 002,257,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008.12.30 20:13:14 | 000,137,196 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
    [2008.08.20 16:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml

    ========== LOP Check ==========

    [2011.06.08 05:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
    [2011.06.08 18:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2011.09.03 13:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2011.06.08 05:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vodafone
    [2010.01.28 20:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
    [2011.03.21 00:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
    [2011.08.31 09:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010.04.14 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011.03.15 00:01:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011.06.15 22:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010.01.28 20:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EgisTec
    [2010.01.28 20:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
    [2011.06.08 18:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010.04.14 22:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
    [2010.03.17 19:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2011.06.09 03:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010.03.19 21:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
    [2011.06.08 16:31:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2010.01.28 17:07:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010.03.18 11:07:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010.01.28 17:07:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011.06.16 16:49:42 | 000,008,224 | ---- | M] () -- C:\GDIPFONTCACHEV1.DAT
    [2010.01.28 17:07:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010.01.28 17:07:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008.04.14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008.04.14 14:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011.09.03 16:06:17 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2011.09.03 16:31:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    it's still there, going to need to run something stronger

    download and run combofix, post the log it gives ( C:\combofix.txt )


    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


  • Closed Accounts Posts: 10 Hermiona


    Thank you. Will do that! ;)


  • Closed Accounts Posts: 11 zoran


    No, I don't recognise those files:
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder118666
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder108192
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder93767
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108213
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108211
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder93805
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder18811
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder108179
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93843
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93835
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118682
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118677


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    zoran probably best if you go and follow those combofix instructions too


  • Closed Accounts Posts: 11 zoran


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Database version: 7643
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    9/3/2011 4:17:33 PM
    mbam-log-2011-09-03 (16-17-33).txt
    Scan type: Quick scan
    Objects scanned: 232145
    Time elapsed: 18 minute(s), 49 second(s)
    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> 3640 -> Unloaded process successfully.
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> Delete on reboot.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    you can leave the OTL step and follow my instructions about combofix zoran


  • Closed Accounts Posts: 11 zoran


    I had some problem with computer, windows stops, couldn't open. What does this mean: Files Infected:
    c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> Delete on reboot.
    By the way I am ready to follow your steps about combofix


  • Closed Accounts Posts: 11 zoran


    ComboFix 11-09-03.01 - Owner 09/04/2011 16:45:10.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.197 [GMT 1:00]
    Running from: c:\documents and settings\Owner.HOME-DD2F005EFC\Desktop\ComboFix.exe
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Adobe\plugs
    c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Adobe\shed
    c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\PriceGong
    c:\documents and settings\Owner\WINDOWS
    c:\program files\Windows Searchqu Toolbar
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-collapse.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-delete.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-expand.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-feed.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-folder-remove.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-folder-rename.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-folder.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-found.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-reload.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-subscribe.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rssback.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rsstopback.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\search-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\search.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\searchqutb.css
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\settings.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\shopping.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\siteinfo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-bluelite.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-bluesky.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-grey.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-lichen.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-orange.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-yellow.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\technorati.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\throbber.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\toolbarsplitter.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\video.bmp
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\weather.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\web.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_allocine.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_bliptv.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_calcal.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_calculator.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_gservices.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_sudoku.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_todo.jpg
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_todo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_trio.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_uconverter.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widgets-square-16px.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widgets.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\wikipedia.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\yahoosearch.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\yellow.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\youtube.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\zoom.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\components\windowmediator.js
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\manifest.xml
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    \Legacy_TDSSSERV.SYS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-04 10:07 . 2011-09-04 13:39 -------- d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Sammsoft
    2011-09-04 10:07 . 2011-09-04 10:07 -------- d-----w- C:\Firefox
    2011-09-04 10:07 . 2011-09-04 10:09 -------- d-----w- c:\program files\Ask.com
    2011-09-04 10:06 . 2011-09-04 15:27 -------- d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\AskToolbar
    2011-09-04 01:13 . 2011-09-04 01:13 1409 ----a-w- c:\windows\QTFont.for
    2011-09-04 00:47 . 2011-09-04 00:54 -------- d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Search Settings
    2011-09-04 00:46 . 2011-09-04 00:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
    2011-09-04 00:46 . 2011-09-04 00:46 -------- d-----w- c:\program files\Application Updater
    2011-09-04 00:46 . 2011-08-19 15:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-09-04 00:45 . 2011-09-04 00:46 -------- d-----w- c:\program files\IObit Toolbar
    2011-09-04 00:45 . 2011-09-04 00:45 -------- d-----w- c:\program files\Common Files\Spigot
    2011-09-04 00:45 . 2010-11-26 17:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-08-31 13:31 . 2011-09-04 13:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2011-08-31 08:35 . 2011-08-31 08:35 -------- d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\Threat Expert
    2011-08-31 01:30 . 2011-08-31 01:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-08-30 19:10 . 2011-09-04 14:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
    2011-08-30 19:10 . 2011-08-30 19:10 -------- d-----w- c:\program files\AVAST Software
    2011-08-29 22:30 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-29 22:30 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-29 22:30 . 2011-08-31 00:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-29 22:11 . 2011-08-29 22:11 512 ----a-w- C:\PhysicalMBR.bin
    2011-08-29 22:09 . 2011-08-29 22:09 -------- d-----w- C:\_OTL
    2011-08-29 21:51 . 2011-08-29 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-08-29 21:41 . 2011-08-29 21:41 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\NVIDIA Corporation
    2011-08-29 12:28 . 2011-08-29 12:28 -------- d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Uniblue
    2011-08-29 12:26 . 2011-08-29 12:26 -------- d-----w- c:\program files\Uniblue
    2011-08-11 15:10 . 2011-08-12 07:25 -------- d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\AVG
    2011-08-11 14:26 . 2011-08-30 22:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
    2011-08-11 14:26 . 2011-08-30 22:07 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-08-11 14:17 . 2011-08-30 22:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
    2011-08-10 10:38 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 10:37 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-19 12:23 . 2011-06-01 00:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2008-08-16 18:50 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-18 21:46 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-06-18 21:45 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-12 22:40 . 2011-06-12 22:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-12 22:40 . 2010-05-11 07:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2007-06-25 14:10 . 2007-06-25 14:10 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-08-23 20:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "12Voip"="c:\program files\12Voip.com\12Voip\12Voip.exe" [2011-08-17 13822248]
    "Nonoh"="c:\program files\Nonoh.net\Nonoh\Nonoh.exe" [2011-08-22 13811488]
    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-10 68592]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
    .
    c:\documents and settings\Owner.HOME-DD2F005EFC\Start Menu\Programs\Startup\
    SkypeMate.lnk - c:\program files\SkypeMate\SkypeMate.exe [2007-5-22 405504]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    SkypeMate.lnk - c:\program files\SkypeMate\SkypeMate.exe [2007-5-22 405504]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dlbxcoms.exe"=
    "c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Nonoh.net\\Nonoh\\Nonoh.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/4/2011 1:45 AM 14776]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/1/2010 9:20 PM 717296]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5/29/2011 7:36 PM 328536]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8/17/2011 1:00 PM 402328]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [9/4/2011 1:45 AM 820568]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/29/2011 11:30 PM 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/29/2011 11:30 PM 22712]
    S2 AMService;AMService;c:\windows\TEMP\voxn\setup.exe run --> c:\windows\TEMP\voxn\setup.exe run [?]
    S2 gupdate1c9c340188e27a4;Google Update Service (gupdate1c9c340188e27a4);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 12:46 PM 133104]
    S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [9/4/2011 1:45 AM 239600]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 12:46 PM 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/29/2011 11:30 PM 41272]
    S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [9/4/2011 1:45 AM 30368]
    S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [9/4/2011 1:45 AM 16080]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-04 c:\windows\Tasks\ASC4_PerformanceMonitor.job
    - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-29 15:40]
    .
    2011-09-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-05 14:21]
    .
    2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 11:46]
    .
    2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 11:46]
    .
    2011-09-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-706699826-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
    .
    2011-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-706699826-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
    .
    2011-09-03 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-08-28 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-09-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-08-23 20:20]
    .
    2011-09-04 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-09-04 09:35]
    .
    2011-09-04 c:\windows\Tasks\User_Feed_Synchronization-{45E90AB1-9BDD-4C55-9282-71B5175B31F3}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ie/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: microsoft.com\update
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKU-Default-Run-KB821629.exe - c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\KB821629.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-04 17:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Maxtor_6L080L0 rev.BAJ41G20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x82EB757B
    user & kernel MBR OK
    .
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'winlogon.exe'(736)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(796)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2152)
    c:\windows\system32\WININET.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-04 17:25:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-04 16:25
    .
    Pre-Run: 54,675,771,392 bytes free
    Post-Run: 54,666,104,832 bytes free
    .
    - - End Of File - - 7280397301A2FD922E2B9ED027D55BCF


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    perfect

    open OTL, paste this in the custom scan/fixes box


    c:\windows\system32\drivers\mrxsmb.sys /md5
    c:\windows\system32\drivers\ndistapi.sys /md5
    c:\windows\system32\drivers\rdpwd.sys /md5


    click quick scan, post that log here


  • Closed Accounts Posts: 10 Hermiona


    ComboFix 11-09-01.03 - Sanja 04.09.2011 19:05:31.1.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.748 [GMT 2:00]
    Running from: C:\Documents and Settings\Sanja\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


    ((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))


    2011-09-03 20:16:14 . 2010-07-16 12:59:54 656320 ----a-w- C:\WINDOWS\system32\drivers\pctEFA.sys
    2011-09-03 20:16:14 . 2010-07-16 12:59:54 338880 ----a-w- C:\WINDOWS\system32\drivers\pctDS.sys
    2011-09-03 20:16:13 . 2011-01-17 07:10:26 251560 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
    2011-09-03 20:16:04 . 2010-12-10 14:57:26 160448 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
    2011-09-03 20:16:04 . 2010-12-10 11:24:12 239168 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
    2011-09-03 20:15:57 . 2010-12-16 06:46:04 70536 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
    2011-09-03 20:15:32 . 2011-09-04 15:08:46 -------- d-----w- C:\Program Files\PC Tools Security
    2011-09-03 20:15:32 . 2011-09-03 21:37:46 -------- d-----w- C:\Program Files\Common Files\PC Tools
    2011-09-03 20:15:32 . 2011-09-03 20:15:32 -------- d-----w- C:\Documents and Settings\Sanja\Application Data\PC Tools
    2011-09-03 19:37:24 . 2011-09-03 20:16:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
    2011-09-03 14:31:55 . 2011-09-03 14:31:55 512 ----a-w- C:\PhysicalMBR.bin
    2011-09-03 14:05:19 . 2011-09-03 14:05:19 -------- d-----w- C:\_OTL
    2011-09-03 11:54:26 . 2011-09-03 11:54:26 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\IObit
    2011-08-30 18:22:17 . 2011-08-30 18:22:17 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
    2011-08-15 10:31:09 . 2011-08-15 10:31:09 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-07-15 13:29:31 . 2010-01-28 14:45:41 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 . 2010-01-28 14:45:43 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
    2011-07-06 17:52:42 . 2011-06-08 04:06:30 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52:42 . 2011-06-08 04:06:28 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-06-24 14:10:36 . 2010-01-28 15:05:17 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 . 2010-01-28 14:45:53 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2011-06-23 18:36:30 . 2010-01-28 14:45:39 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
    2011-06-23 18:36:30 . 2010-01-28 14:45:38 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
    2011-06-23 12:05:13 . 2010-01-28 14:45:37 385024 ----a-w- C:\WINDOWS\system32\html.iec
    2011-06-20 17:44:52 . 2010-01-28 14:45:53 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
    2011-09-01 16:17:08 . 2011-04-04 16:07:27 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    C:\Program Files\AVG\AVG10\avgtray .exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    C:\Program Files\DAEMON Tools Lite\DTLite .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    C:\Program Files\Launch Manager\LManager .exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
    C:\Program Files\Realtek\Audio\Drivers\AzMixerSel .exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\uTorrent\uTorrent .exe
    C:\WINDOWS\PLFSetL .exe
    

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41:42 120104 ----a-w- C:\Program Files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-28 01:00:20 141848]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-28 01:00:04 166424]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-28 01:00:14 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2009-08-24 08:01:10 18702336]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 12:00:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
    "snp2uvc"="C:\WINDOWS\system32\csnp2uvc.dll" [2009-02-16 17:32:38 196608]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
    "AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2011-04-18 15:40:08 2334560]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2010-1-28 708608]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-08-10 13:10:58 2349776 ----a-w- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    C:\PROGRA~1\AVG\AVG9\avgtray.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher

    R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13:02 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [16.3.2011 16:03:20 32592]
    R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [3.9.2011 22:16:04 239168]
    R0 pctDS;PC Tools Data Store;C:\WINDOWS\system32\drivers\pctDS.sys [3.9.2011 22:16:14 338880]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [25.4.2011 1:15:56 218688]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\WINDOWS\system32\drivers\l1c51x86.sys [28.1.2010 16:46:35 38912]
    S1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [7.1.2011 6:41:46 248656]
    S1 mwlPSDFilter;mwlPSDFilter;C:\WINDOWS\system32\drivers\mwlPSDFilter.sys [28.1.2010 20:37:02 17840]
    S1 mwlPSDNServ;mwlPSDNServ;C:\WINDOWS\system32\drivers\mwlPSDNserv.sys [28.1.2010 20:37:02 15280]
    S1 mwlPSDVDisk;mwlPSDVDisk;C:\WINDOWS\system32\drivers\mwlPSDVDisk.sys [28.1.2010 20:37:02 58800]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25:48 12872]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41:30 67656]
    S2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33:42 269520]
    S2 gupdate;Usluga Google ažuriranje (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [18.3.2010 0:33:01 135664]
    S2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14.4.2010 18:15:01 90112]
    S2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [28.1.2010 20:50:19 253952]
    S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\PC Tools Security\pctsAuxs.exe [3.9.2011 22:15:36 366840]
    S2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [13.5.2010 15:05:04 4497704]
    S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [28.1.2010 20:29:07 240160]
    S2 VMCService;Vodafone Mobile Connect Service;C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4.11.2008 12:39:20 14336]
    S2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [13.5.2010 15:05:54 113448]
    S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [28.1.2010 20:09:27 1684736]
    S3 gupdatem;Usluga Google ažuriranje (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [18.3.2010 0:33:01 135664]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\WINDOWS\system32\drivers\massfilter.sys [19.3.2010 21:45:11 7680]
    S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [8.6.2011 6:06:30 41272]
    S3 MWLService;MyWinLocker Service;C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe [10.9.2009 15:42:46 305448]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\WINDOWS\system32\Drivers\RTS5121.sys --> C:\WINDOWS\system32\Drivers\RTS5121.sys [?]
    S3 Rts516xIR;Realtek IR Driver;C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys --> C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys [?]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\WINDOWS\system32\drivers\s0017bus.sys [14.4.2010 18:15:21 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\s0017mdfl.sys [14.4.2010 18:15:22 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\s0017mdm.sys [14.4.2010 18:15:22 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\s0017mgmt.sys [14.4.2010 18:15:25 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\WINDOWS\system32\drivers\s0017nd5.sys [14.4.2010 18:15:23 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\s0017obex.sys [14.4.2010 18:15:24 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\WINDOWS\system32\drivers\s0017unic.sys [14.4.2010 18:15:25 109736]
    S3 wacmoumonitor;Wacom Mode Helper;C:\WINDOWS\system32\drivers\wacmoumonitor.sys [13.5.2010 15:05:07 16168]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\WINDOWS\system32\drivers\ZTEusbnet.sys [19.3.2010 21:45:58 110080]
    S3 ZTEusbvoice;ZTE VoUSB Port;C:\WINDOWS\system32\drivers\zteusbvoice.sys [19.3.2010 21:45:46 104960]

    Contents of the 'Scheduled Tasks' folder

    2011-09-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-17 22:33:01 . 2010-03-17 22:32:48]

    2011-09-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-17 22:33:01 . 2010-03-17 22:32:48]


    Supplementary Scan

    uStart Page = my.daemon-search.com
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - C:\Documents and Settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\

    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    to hermiona



    1. Close any open browsers.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:
    RenV::
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    C:\Program Files\AVG\AVG10\avgtray .exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    C:\Program Files\DAEMON Tools Lite\DTLite .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    C:\Program Files\Launch Manager\LManager .exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
    C:\Program Files\Realtek\Audio\Drivers\AzMixerSel .exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\uTorrent\uTorrent .exe
    C:\WINDOWS\PLFSetL .exe


    Save this as CFScript.txt, in the same location as ComboFix.exe


    Drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.


  • Closed Accounts Posts: 11 zoran


    OTL logfile created on: 9/4/2011 7:31:59 PM - Run 7
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 69.61 Mb Available Physical Memory | 13.65% Memory free
    1.22 Gb Paging File | 0.66 Gb Available in Paging File | 54.55% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 76.32 Gb Total Space | 51.00 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

    Computer Name: HOME-DD2F005EFC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/29 13:48:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2011/08/22 16:32:22 | 013,811,488 | ---- | M] (Nonoh) -- C:\Program Files\Nonoh.net\Nonoh\nonoh.exe
    PRC - [2011/08/17 18:32:50 | 013,822,248 | ---- | M] (12Voip) -- C:\Program Files\12Voip.com\12Voip\12voip.exe
    PRC - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
    PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/03/27 09:44:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/04/10 16:44:08 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/22 07:36:24 | 000,405,504 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe
    PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
    PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/20 00:30:48 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2010/03/27 09:48:42 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2007/05/30 10:13:34 | 000,671,744 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.dll
    MOD - [2007/05/30 07:15:46 | 000,077,824 | ---- | M] () -- C:\Program Files\SkypeMate\VistaVolume.dll
    MOD - [2007/05/22 07:36:24 | 000,405,504 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe
    MOD - [2004/09/14 18:49:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbxPP5C.DLL
    MOD - [2004/08/13 17:14:18 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 962\dlbxcnv4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- -- (AMService)
    SRV - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
    SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2004/08/26 22:57:02 | 000,450,560 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
    DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/01/01 21:20:31 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
    DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    Hosts file not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [12Voip] C:\Program Files\12Voip.com\12Voip\12Voip.exe (12Voip)
    O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
    O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Nonoh] C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe (Nonoh)
    O4 - Startup: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/02 12:14:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/04 15:15:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/04 12:19:40 | 004,194,725 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\ComboFix.exe
    [2011/09/04 12:18:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
    [2011/09/04 12:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
    [2011/09/04 11:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Sammsoft
    [2011/09/04 11:07:06 | 000,000,000 | ---D | C] -- C:\Firefox
    [2011/09/04 11:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2011/09/04 11:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\AskToolbar
    [2011/09/04 01:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\IObit Malware Fighter
    [2011/09/04 01:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Search Settings
    [2011/09/04 01:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2011/09/04 01:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2011/09/04 01:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
    [2011/09/04 01:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Smart Defrag 2
    [2011/08/31 14:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    [2011/08/31 09:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\Threat Expert
    [2011/08/31 01:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\My Documents\downloads
    [2011/08/30 20:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/08/30 20:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
    [2011/08/29 23:30:40 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/08/29 23:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/29 23:30:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/29 23:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/29 23:26:21 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/29 23:09:47 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/08/29 22:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/08/29 13:48:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    [2011/08/29 13:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Uniblue
    [2011/08/29 13:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2011/08/11 16:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG
    [2011/08/11 16:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC Tuneup 2011
    [2011/08/11 15:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG10
    [2011/08/11 15:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
    [2011/08/11 15:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/08/11 15:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
    [2011/01/15 14:05:32 | 011,261,896 | ---- | C] (http://www.ojosoft.com ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\total-video-converter.exe
    [2007/06/25 15:10:15 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/09/04 19:15:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/09/04 19:15:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/04 19:15:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/09/04 19:15:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2011/09/04 19:15:25 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2011/09/04 19:15:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/04 19:09:06 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/09/04 18:59:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/04 18:06:45 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{45E90AB1-9BDD-4C55-9282-71B5175B31F3}.job
    [2011/09/04 16:27:44 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/09/04 15:14:13 | 004,194,725 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\ComboFix.exe
    [2011/09/04 15:01:51 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/09/04 02:13:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2011/09/04 02:13:58 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/09/04 01:47:32 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Malware Fighter.lnk
    [2011/09/04 01:45:09 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2011/09/04 01:45:06 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Smart Defrag 2.lnk
    [2011/09/04 01:39:28 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Quick Care.lnk
    [2011/09/04 01:39:27 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 4.lnk
    [2011/09/03 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2011/08/31 22:38:38 | 000,000,568 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2011/08/31 01:25:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/29 23:26:39 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/29 23:11:33 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011/08/29 13:48:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    [2011/08/28 09:14:04 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2011/08/19 16:33:26 | 000,025,944 | ---- | M] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/08/11 16:08:32 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\AVG PC Tuneup 2011.lnk
    [2011/08/11 08:20:44 | 000,463,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/11 08:20:44 | 000,080,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/11 08:11:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

    ========== Files Created - No Company Name ==========

    [2011/09/04 15:15:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/09/04 15:15:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/09/04 11:09:15 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/09/04 02:13:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2011/09/04 02:13:58 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2011/09/04 01:55:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2011/09/04 01:47:32 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Malware Fighter.lnk
    [2011/09/04 01:46:00 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/09/04 01:45:42 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2011/09/04 01:45:09 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2011/09/04 01:45:06 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Smart Defrag 2.lnk
    [2011/08/29 23:30:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/29 23:11:33 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2011/08/11 16:19:26 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/08/11 16:08:32 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\AVG PC Tuneup 2011.lnk
    [2011/06/20 08:16:39 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/04/25 12:17:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
    [2011/04/24 13:17:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hybrid Basic
    [2011/04/24 13:17:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Home
    [2011/04/24 13:17:33 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
    [2011/04/24 13:17:33 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Images
    [2011/04/24 13:14:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Horn Section
    [2011/04/24 13:14:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Helper Scripts
    [2011/04/24 13:14:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
    [2011/04/24 13:14:09 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Icons
    [2011/01/14 15:31:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/04 00:47:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
    [2009/12/30 22:04:32 | 000,000,121 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\default.rss
    [2009/11/23 14:48:50 | 000,005,184 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\N360BUOptions.ini
    [2009/09/22 22:23:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/02/19 09:42:00 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
    [2009/02/19 09:41:05 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/02/19 09:41:03 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
    [2009/01/12 01:54:22 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
    [2009/01/12 01:54:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
    [2009/01/12 01:54:21 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
    [2008/12/03 20:53:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2008/12/03 20:53:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2008/12/03 20:53:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2008/10/19 16:42:10 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2008/08/18 15:15:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/08/17 11:24:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/08/17 01:45:03 | 000,000,568 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2008/08/16 22:45:03 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/08/16 20:41:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/08/16 20:39:28 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/08/16 19:59:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/08/16 19:51:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/08/14 11:17:31 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
    [2008/08/14 11:17:31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
    [2008/08/14 11:17:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
    [2008/08/14 11:17:27 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
    [2008/08/14 11:17:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
    [2008/08/14 11:17:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
    [2008/08/14 11:17:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
    [2008/08/14 11:17:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
    [2008/08/14 11:17:23 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
    [2005/03/22 19:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 19:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 11:00:00 | 000,463,826 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 11:00:00 | 000,080,750 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/09/04 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
    [2011/08/30 23:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
    [2011/08/11 15:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
    [2010/11/03 23:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bandoo
    [2011/03/14 16:49:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
    [2009/11/09 17:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
    [2011/02/03 20:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
    [2011/04/24 13:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp
    [2011/01/05 00:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fighters
    [2011/04/22 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FileServe Limited
    [2011/05/28 15:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
    [2009/06/13 21:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
    [2011/08/30 23:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
    [2011/04/24 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nikon
    [2011/08/31 14:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
    [2011/02/03 18:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure
    [2011/09/04 02:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2011/04/24 13:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15
    [2011/04/15 23:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2008/12/06 01:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/08/29 22:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/09/04 12:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\12Voip
    [2011/08/12 08:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG
    [2011/08/11 15:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG10
    [2009/11/28 12:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG9
    [2011/05/28 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\BitTorrent
    [2008/12/06 00:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/03 18:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\DriverCure
    [2010/05/11 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\EdAlive
    [2010/03/04 01:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Facebook
    [2010/11/11 11:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Fighters
    [2010/07/10 12:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\FUJIFILM
    [2011/05/29 18:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Fytife
    [2010/07/13 23:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\ImgBurn
    [2011/09/04 09:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\IObit
    [2011/05/27 17:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Ivkyit
    [2011/05/28 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Mikyc
    [2009/01/02 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\MSNInstaller
    [2011/04/25 12:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Nikon
    [2011/09/04 19:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Nonoh
    [2011/02/03 10:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\ParetoLogic
    [2011/09/04 14:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Sammsoft
    [2011/09/04 01:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Search Settings
    [2011/08/29 13:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Uniblue
    [2011/09/04 10:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\uTorrent
    [2010/01/27 15:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\VoipZoom
    [2011/09/04 19:15:25 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
    [2011/09/03 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2011/08/28 09:14:04 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
    [2011/09/04 19:09:06 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2011/09/04 19:15:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
    [2011/09/04 18:06:45 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{45E90AB1-9BDD-4C55-9282-71B5175B31F3}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < c:\windows\system32\drivers\mrxsmb.sys /md5 >
    [2011/07/15 14:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- c:\windows\system32\drivers\mrxsmb.sys

    < c:\windows\system32\drivers\ndistapi.sys /md5 >
    [2011/07/08 15:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=0109C4F3850DFBAB279542515386AE22 -- c:\windows\system32\drivers\ndistapi.sys

    < c:\windows\system32\drivers\rdpwd.sys /md5 >
    [2011/06/24 15:10:36 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=FC105DD312ED64EB66BFF111E8EC6EAC -- c:\windows\system32\drivers\rdpwd.sys

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:483AC68A
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B63300D1
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BD27B7FC
    < End of report >

