
Solved fidbox.idx(more) are taking up excessive space - Malware

Discussion in 'Malware and Virus Removal Archive' started by Hendrix, 2009/12/12.

  1. 2009/12/12
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
    [Resolved] fidbox.idx(more) are taking up excessive space - Malware

    Okay, so a couple of weeks ago, I got some trojans on my computer. I used a lot of programs to remove them, like combofix, malwarebytes... pretty much any you can think of. I removed the trojans, but I found some programs called fidbox & fidbox2 on my computer using "ProcessExplorer" and they are taking up GBs on my computer. I know they're malware related. I tried looking for them in the system3 folder where it says they are, but they're not there; I checked hidden folders and they're not there, and using "ProcessExplorer" I've noticed that I don't have any permissions to delete them, execute them, etc. I need to know how to remove them permanently. Here are my DDS logs

    DDS:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by HomeComputer at 20:43:56.23 on Sat 12/12/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.446 [GMT -8:00]

    AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Documents and Settings\HomeComputer\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.juno.com/dsl/sp
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;*.pogo.com;<local>;*.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} -
    TB: {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - No File
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255460484812
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\homeco~1\applic~1\mozilla\firefox\profiles\cc4w1vaz.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 7900
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\homecomputer\application data\mozilla\firefox\profiles\cc4w1vaz.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
    FF - component: c:\documents and settings\homecomputer\application data\mozilla\firefox\profiles\cc4w1vaz.default\extensions\piclens@cooliris.com\components\cooliris.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\homecomputer\application data\mozilla\firefox\profiles\cc4w1vaz.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: browser.blink_allowed - false
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-4 161800]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-4 333192]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-4 28424]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-4 360584]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-12-4 186128]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-4 906520]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-4 285392]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

    =============== Created Last 30 ================

    2009-12-05 16:22:31 0 d-----w- c:\docume~1\homeco~1\applic~1\Malwarebytes
    2009-12-05 16:08:26 0 d-sha-r- C:\cmdcons
    2009-12-05 15:44:22 0 d--h--w- c:\windows\PIF
    2009-12-05 15:31:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
    2009-12-05 06:15:31 7652 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-12-05 06:15:31 73760 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-12-05 06:15:31 29156 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-12-05 06:15:31 2148640 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-12-05 06:15:18 3506 ----a-w- C:\rollback.ini
    2009-12-05 06:10:09 0 d-----w- c:\program files\common files\ParetoLogic
    2009-12-05 06:10:08 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2009-12-05 05:42:32 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-05 05:42:32 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2009-12-05 05:42:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-05 05:42:24 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-05 05:42:18 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2009-12-05 05:41:40 0 d-----w- c:\program files\AVG
    2009-12-05 03:58:44 0 d-----w- c:\windows\pss
    2009-12-05 02:11:11 0 d-----w- c:\program files\CleanUp!
    2009-12-05 02:08:14 0 d-----w- c:\program files\CCleaner
    2009-12-05 01:26:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
    2009-12-05 01:26:49 0 d-----w- c:\program files\Security Task Manager
    2009-12-05 00:57:08 0 d-----w- c:\windows\system32\wbem\Repository
    2009-12-05 00:56:22 0 d-----w- c:\windows\system32\drivers\Avg
    2009-12-05 00:55:34 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2009-12-05 00:26:30 0 d-----w- c:\windows\123456789ABCDEFG
    2009-12-04 23:56:33 237600 ----a-w- c:\windows\system32\drivers\str.sys.vir
    2009-12-04 04:46:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-12-04 04:24:05 0 d-----w- c:\program files\WinClamAVShield
    2009-12-04 04:20:50 0 d-----w- c:\program files\Crawler
    2009-12-04 04:20:46 0 d-----w- c:\docume~1\homeco~1\applic~1\Spyware Terminator
    2009-12-04 04:20:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
    2009-12-04 04:20:42 0 d-----w- c:\program files\Spyware Terminator
    2009-12-04 04:08:25 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2009-12-04 04:08:25 0 d-----w- C:\$AVG
    2009-12-04 03:17:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
    2009-12-04 02:03:03 29512 ----a-w- c:\windows\system32\TURegOpt.exe
    2009-12-04 02:03:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
    2009-12-04 02:02:13 0 d-----w- c:\docume~1\homeco~1\applic~1\TuneUp Software
    2009-12-04 02:01:15 0 d-----w- c:\program files\TuneUp Utilities 2010
    2009-12-04 02:00:49 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
    2009-12-03 01:50:19 0 d-----w- c:\windows\system32\Adobe
    2009-12-02 03:20:41 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
    2009-12-02 03:20:36 0 d-----w- c:\program files\AIM
    2009-12-02 03:20:30 0 d-----w- c:\program files\common files\Software Update Utility
    2009-12-02 03:20:30 0 d-----w- c:\program files\common files\AOL
    2009-12-02 03:19:02 459 ---ha-w- C:\IPH.PH
    2009-11-24 00:24:19 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-11-24 00:24:19 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-11-24 00:23:28 0 d-----w- c:\program files\iPod
    2009-11-24 00:23:24 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-11-24 00:23:23 0 d-----w- c:\program files\iTunes
    2009-11-24 00:22:47 0 d-----w- c:\program files\Bonjour
    2009-11-22 23:26:11 0 d-----w- c:\program files\FlashFXP
    2009-11-22 23:26:11 0 d-----w- c:\docume~1\alluse~1\applic~1\FlashFXP
    2009-11-22 03:41:26 946176 ----a-w- c:\windows\system32\wodFtpDLXG.OCX
    2009-11-22 03:41:26 224016 ----a-w- c:\windows\system32\TABCTL32.OCX
    2009-11-22 03:41:25 0 d-----w- c:\program files\GoFTP
    2009-11-19 23:57:36 0 d-----w- c:\program files\Pure Networks
    2009-11-19 23:56:13 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2009-11-19 23:56:07 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
    2009-11-19 23:55:59 0 d-----w- c:\program files\common files\Pure Networks Shared
    2009-11-19 23:54:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks
    2009-11-15 21:38:52 36 ----a-w- c:\windows\system32\?Æ
    2009-11-14 23:32:58 0 d-----w- c:\program files\Minefield

    ==================== Find3M ====================

    2009-11-26 04:50:44 143544 ----a-w- c:\windows\fonts\trixie plain.TTF
    2009-11-26 04:50:15 66484 ----a-w- c:\windows\fonts\TrajanPro-Regular.otf
    2009-11-01 22:07:29 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
    2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-10-29 04:48:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-10-26 17:50:10 39492 ----a-w- c:\windows\fonts\Felix
    2009-10-25 21:24:28 49860 ----a-w- c:\windows\fonts\Old London Alternate.ttf
    2009-10-22 01:05:15 20268 ----a-w- c:\windows\fonts\Evolution_True_Type_Font_by_PAULW.ttf
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-13 18:31:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-03 00:22:52 89660 ----a-r- c:\windows\fonts\AdobePiStd.otf
    2009-10-03 00:22:52 38152 ----a-r- c:\windows\fonts\CourierStd-Oblique.otf
    2009-10-03 00:22:52 37852 ----a-r- c:\windows\fonts\CourierStd-BoldOblique.otf
    2009-10-03 00:22:52 36732 ----a-r- c:\windows\fonts\CourierStd.otf
    2009-10-03 00:22:52 36520 ----a-r- c:\windows\fonts\CourierStd-Bold.otf
    2009-09-25 05:37:09 81920 ------w- c:\windows\system32\ieencode.dll
    2009-09-20 04:25:18 63004 ----a-w- c:\windows\fonts\advent-Bd2.otf
    2009-09-20 04:25:12 65380 ----a-w- c:\windows\fonts\advent-Lt1.otf
    2009-09-20 04:25:08 66724 ----a-w- c:\windows\fonts\advent-Lt2.otf
    2009-09-20 04:25:02 69200 ----a-w- c:\windows\fonts\advent-Lt3.otf
    2009-09-20 04:24:58 63156 ----a-w- c:\windows\fonts\advent-Bd1.otf
    2009-09-20 04:24:52 62332 ----a-w- c:\windows\fonts\advent-Bd3.otf
    2009-09-20 04:24:46 63992 ----a-w- c:\windows\fonts\advent-Re.otf

    ============= FINISH: 20:44:30.48 ===============


    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/13/2009 11:39:31 AM
    System Uptime: 12/12/2009 8:30:05 PM (0 hours ago)

    Motherboard: Foxconn | | RC4107MA-S2
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3059/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 92.586 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_2F40&SUBSYS_200014F1&REV_00\4&FB75CB&0&30A4
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_2F40&SUBSYS_200014F1&REV_00\4&FB75CB&0&30A4
    Service:

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: AVG miniport driver
    Device ID: ROOT\GR_AVGFWMP\0000
    Manufacturer: AVG Technologies
    Name: 2Wire Gateway USB - AVG miniport driver
    PNP Device ID: ROOT\GR_AVGFWMP\0000
    Service: Avgfwdx

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: AVG miniport driver
    Device ID: ROOT\GR_AVGFWMP\0001
    Manufacturer: AVG Technologies
    Name: WAN Miniport (IP) - AVG miniport driver
    PNP Device ID: ROOT\GR_AVGFWMP\0001
    Service: Avgfwdx

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: AVG miniport driver
    Device ID: ROOT\GR_AVGFWMP\0002
    Manufacturer: AVG Technologies
    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - AVG miniport driver
    PNP Device ID: ROOT\GR_AVGFWMP\0002
    Service: Avgfwdx

    ==== System Restore Points ===================

    RP1: 12/10/2009 7:27:46 PM - System Checkpoint
    RP2: 12/12/2009 12:16:07 PM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG 9.0
    Bonjour
    Canon MP Navigator 3.0
    Canon MP160
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Cisco Network Magic
    CleanUp!
    Download Updater (AOL LLC)
    FlashFXP v3
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    iTunes
    Java(TM) 6 Update 17
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2000 Premium
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.5.5)
    MSVCRT
    Network Magic
    PowerDVD
    Pure Networks Platform
    QuickTime
    Realtek AC'97 Audio
    Security Task Manager 1.7h
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    Skins
    TeamViewer 4
    Time Stopper
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    12/5/2009 9:57:44 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election is being forced.
    12/5/2009 8:15:58 AM, error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The system cannot find the file specified.
    12/5/2009 7:48:02 AM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2009 7:21:33 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    12/5/2009 7:21:33 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    12/10/2009 7:24:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm KLIF
    12/10/2009 7:23:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/10/2009 7:23:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    ==== End Of File ===========================


    Please help me ASAP, I've been looking for two weeks for an answer and haven't found any! :(
     
    Last edited: 2009/12/13
  2. 2009/12/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Welcome to WindowsBBS :)

    Please do not use CODE tags for logs - it makes them impossible to read.

    One of our malware experts will take a look at your logs shortly.
     

  4. 2009/12/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    fidbox.dat files are not malicious. They're related to Kaspersky.
    I see you had it installed at some point and some leftovers are still there:
    - R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys
    I assume AVG is your current AV program?
    If so, run Kaspersky Removal Tool: http://support.kaspersky.com/downloads/products2009/kavremover9.zip

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
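Added example, not code from the thread or from the DDS tool: a small Python triage script that parses the two DDS sections read above (SERVICES / DRIVERS and Created Last 30) and applies the same two checks, listing entries created with the hidden+system attributes (the fidbox files) and drivers that do not carry the current AV vendor's name (the KLIF leftover). The sample log is a constructed excerpt of the posted one, and the vendor-tag heuristic in foreign_drivers is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt: a few lines taken from the posted log, laid out the way
# DDS emits them, so the parser can be exercised offline.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-4 161800]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-12-4 186128]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-4 285392]

=============== Created Last 30 ================

2009-12-05 06:15:31 7652 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-05 06:15:31 2148640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-05 06:15:18 3506 ----a-w- C:\rollback.ini
2009-12-05 00:55:34 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "date time size attrs path"; attrs is an 8-char string such as --sha-w- or d-----w-
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([d-][a-z-]{7}) (.+)$")
# "R1 name;display;path [date size]"; R/S and the digit are DDS's state and start type
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(\S.*?)(?:\s+\[([^\]]*)\])?\s*$")


@dataclass
class FileEntry:
    created: str
    size: int
    attrs: str  # d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


@dataclass
class DriverEntry:
    state: str
    name: str
    display: str
    path: str
    info: Optional[str]


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '=== name ===' header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "PREAMBLE"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def parse_files(lines: List[str]) -> List[FileEntry]:
    return [FileEntry(f"{m[1]} {m[2]}", int(m[3]), m[4], m[5])
            for m in map(FILE_RE.match, lines) if m]


def parse_drivers(lines: List[str]) -> List[DriverEntry]:
    return [DriverEntry(*m.groups()) for m in map(DRIVER_RE.match, lines) if m]


def hidden_system_entries(entries: List[FileEntry], include_dirs: bool = False) -> List[FileEntry]:
    """Entries created with both the hidden and system attributes set. Legitimate
    software uses this combination too (the fidbox files are Kaspersky's), so the
    result is a review list, not a verdict."""
    return [e for e in entries
            if "h" in e.attrs and "s" in e.attrs and (include_dirs or not e.is_dir)]


def foreign_drivers(drivers: List[DriverEntry], current_av: str) -> List[DriverEntry]:
    """Drivers whose service name, display name and file name all lack the current
    AV vendor's tag (e.g. 'avg'). Assumption: vendors tag their driver names, which
    holds for AVG and Kaspersky here; other vendors may need a different tag."""
    tag = current_av.lower()
    out = []
    for d in drivers:
        fname = d.path.rsplit("\\", 1)[-1]
        if tag not in f"{d.name} {d.display} {fname}".lower():
            out.append(d)
    return out


def triage(log: str, current_av: str) -> Dict[str, List[str]]:
    """The two checks applied to the posted log, as lists of paths."""
    sections = split_sections(log)
    files = parse_files(sections.get("Created Last 30", []))
    drivers = parse_drivers(sections.get("SERVICES / DRIVERS", []))
    return {
        "hidden_system_files": [e.path for e in hidden_system_entries(files)],
        "foreign_drivers": [f"{d.name} ({d.path})" for d in foreign_drivers(drivers, current_av)],
    }
```

Running `triage(open("dds.txt").read(), "avg")` on a full DDS log returns the same two review lists; the full log's "Pseudo HJT Report" and "Find3M" sections are parsed into the dictionary but ignored by the checks.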
     
  5. 2009/12/13
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
    Not working

    Well, the day I posted this topic, I downloaded Kaspersky, but never installed it, so the remover didn't detect it. And the Combofix links aren't working, it says it's unavailable.

    I am using AVG by the way.
     
  6. 2009/12/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yeah, Combofix is temporarily not available. I only found out about it recently.
    I'm sending you PM with different Combofix download link.
    Follow the very same instructions as in my reply #3, but DO NOT attempt to update Combofix, if asked to.
    Post the log back here.
     
  7. 2009/12/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Superantispyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    ******************************************************************************************
    Due to a bug in Malwarebytes, you may see the following entries in MBAM's log:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)

    DO NOT remove those entries!
    If you do, your computer will become UN-bootable.
    The issue has been fixed in the latest MBAM update, so it's EXTREMELY important that you update MBAM before you run it.
    ****************************************************************************************

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2009/12/13
    Hendrix Inactive Thread Starter

    Alright, will do this soon. Should I disable my anti-virus program when I do this?
     
  9. 2009/12/13
    broni Moderator Malware Analyst

    No...
     
  10. 2009/12/13
    Hendrix Inactive Thread Starter

    I meant my AVG one.
     
  11. 2009/12/13
    broni Moderator Malware Analyst

    No...
     
  12. 2009/12/13
    Hendrix Inactive Thread Starter

    Okay, I'll post the logs, but since I didn't have time, I found it useless to run an MBAM scan, since I have done it before a million times but nothing ever showed up; but if you need it, I'll post it.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/13/2009 at 06:14 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4365
    Trace Rules Database Version: 2207

    Scan type : Complete Scan
    Total Scan Time : 01:42:54

    Memory items scanned : 235
    Memory threats detected : 0
    Registry items scanned : 4850
    Registry threats detected : 0
    File items scanned : 16304
    File threats detected : 0


    GMER 1.0.15.15279 - http://www.gmer.net
    Rootkit scan 2009-12-13 19:42:00
    Windows 5.1.2600 Service Pack 3
    Running: d3hq2q7j.exe; Driver: C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\pxtdypod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xF1F69A00]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xF1F69730]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xF1F698A0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xF1F6A340]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF1F69F90]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xF1F6AC60]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xF1F69B60]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xF1F67F80]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xF1F69520]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xF1F6A170]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xF1F6A910]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xF1F6AC10]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xF1F6AF90]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xF1F6B560]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xF1F66C40]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xF1F6ABC0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xF1F682F0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xF1F6A760]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xF1F69A20]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xF1F65D40]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xF1F65D50]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xF1F65D60]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xF1F65D80]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xF1F65DA0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xF1F65DD0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xF1F65DE0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xF1F65E00]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xF1F65E10]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xF1F65ED0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xF1F65FA0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xF1F65FE0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xF1F66020]

    Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP F1F6B980 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
    .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP F1F6BE80 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF67CE000, 0x1C5D38, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 7:47:16 PM, on 12/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;*.pogo.com;<local>;*.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255460484812
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Unknown owner - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (file missing)
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 6333 bytes
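    The HijackThis log above is read by hand in the thread, and the verdict a few posts later is "all looks pretty clean". As an added example that is not HijackThis code and was not posted by anyone in the thread, here is a small Python parser for that log format with three conservative triage checks: entries whose referenced file is missing (typically leftovers from an uninstall or a removal), ActiveX (O16 DPF) entries that carry no download URL, and services whose binary has no publisher information. SAMPLE_LOG holds a few lines copied from the log above; the checks themselves and their wording are assumptions made for the demo, and a hit means "verify", not "malware".

```python
"""Triage helper for HijackThis-style log entries.

Added example written for this page; it is not HijackThis code and was not
posted in the thread. SAMPLE_LOG holds a handful of lines copied from the
HijackThis log above; the checks are assumptions made for the demo.
"""
import re

# Constructed sample: six lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Unknown owner - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (file missing)
"""

# Every HijackThis entry starts with a section code such as R1, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse(log_text):
    """Return (section, body) pairs for every recognised entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text):
    """Return (section, reason, body) for entries an analyst would look at twice.

    The checks are deliberately conservative: an entry that points at a file
    that no longer exists, an ActiveX download entry with no URL, and a
    service whose executable carries no publisher information. Each reason
    is a prompt to verify the entry, not a malware verdict.
    """
    findings = []
    for section, body in parse(log_text):
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("orphaned entry: referenced file is missing")
        if section == "O16" and body.rstrip().endswith("-"):
            reasons.append("ActiveX (DPF) entry with no download URL")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service binary has no publisher information")
        findings.extend((section, reason, body) for reason in reasons)
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Run on the sample, the parser recognises all six entries and flags the orphaned avgrsstarter notify entry, the empty DPF entry, and both O23 services (the nmservice one twice, for the missing file and the missing publisher); the Adobe BHO and the AVG tray entry pass untouched.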
     
  13. 2009/12/14
    broni Moderator Malware Analyst

    All looks pretty clean. Let's take care of those files that bother you...


    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
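    The /md5start ... /md5stop block in the custom scan above asks OTL to print hashes of boot-critical driver files, so that a driver whose bytes on disk have changed can be spotted by comparing against a known-good copy. As an added example, not from the thread and not OTL's own code, here is a small Python baseline check that performs that comparison against a stored snapshot: it records a digest for each watched file, then reports every file as ok, changed, missing or new. The file names are taken from the OTL list above; the directory, the file contents and the resulting hashes are constructed for the demo, and SHA-256 is used in place of the MD5 that OTL prints.

```python
"""Baseline hash check for boot-critical driver files.

Added example written for this page; it is not OTL's code and not part of
the forum thread. The file names come from the OTL /md5start list above;
the directory, file contents and resulting hashes are constructed here so
the script runs offline.
"""
import hashlib
import os
import tempfile

# Names taken from the OTL custom-scan block in the thread.
WATCHED_FILES = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys", "scecli.dll"]


def file_digest(path, algorithm="sha256"):
    """Hash a file in chunks (SHA-256 by default; OTL itself reports MD5)."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(directory, names):
    """Map each watched name to its digest, or None if the file is absent."""
    result = {}
    for name in names:
        path = os.path.join(directory, name)
        result[name] = file_digest(path) if os.path.isfile(path) else None
    return result


def compare(baseline, current):
    """Classify every name as 'ok', 'changed', 'missing' or 'new'."""
    report = {}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old == new:
            report[name] = "ok"
        elif new is None:
            report[name] = "missing"
        elif old is None:
            report[name] = "new"
        else:
            report[name] = "changed"
    return report


def demo():
    """Constructed scenario: record a baseline, then overwrite the first bytes
    of one driver in place (size unchanged) and delete another."""
    with tempfile.TemporaryDirectory() as d:
        for name in WATCHED_FILES:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"original contents of " + name.encode())
        baseline = snapshot(d, WATCHED_FILES)

        with open(os.path.join(d, "atapi.sys"), "r+b") as f:
            f.write(b"PATCHED!")  # first 8 bytes replaced, file size unchanged
        os.remove(os.path.join(d, "AGP440.sys"))

        return compare(baseline, snapshot(d, WATCHED_FILES))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12} {status}")
```

The in-place overwrite in demo() is the case a size or timestamp check would miss and a digest comparison catches; on a real machine the baseline would be taken from a known-clean install or from hashes published by the vendor, never from the machine under suspicion.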
     
  14. 2009/12/14
    Hendrix Inactive Thread Starter

    Ok, I'll do this. By the way, I heard somewhere that viruses or spyware can come back if you have System Restore on, so I had my System Restore off for a while. Is it safe to turn it on before I do the OTL or after?
     
  15. 2009/12/14
    broni Moderator Malware Analyst

    Your computer seems to be clean, so you can turn system restore on.
     
  16. 2009/12/14
    Hendrix Inactive Thread Starter

    OTL logfile created on: 12/14/2009 5:52:00 PM - Run 1
    OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\HomeComputer\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 532.84 Mb Available Physical Memory | 55.59% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 6000 8192 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 92.35 Gb Free Space | 82.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FAMILY
    Current User Name: HomeComputer
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/12/14 17:48:07 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HomeComputer\My Documents\Downloads\OTL.exe
    PRC - [2009/12/10 12:26:39 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2009/12/10 12:26:36 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2009/12/10 12:26:35 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2009/12/04 21:42:07 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/12/04 21:41:55 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/12/04 21:41:43 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2009/12/04 21:41:43 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2009/12/04 21:41:42 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/11/17 01:17:38 | 00,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    PRC - [2009/11/17 01:15:36 | 01,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/07/21 07:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2009/12/14 17:48:07 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HomeComputer\My Documents\Downloads\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (nmservice)
    SRV - [2009/12/04 21:41:43 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/12/04 21:41:42 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/12/03 18:06:54 | 00,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2009/11/17 01:15:36 | 01,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2009/11/17 01:12:10 | 00,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/07/21 09:40:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
    SRV - [2009/07/21 07:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;*.pogo.com;<local>;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
    FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
    FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 7900
    FF - prefs.js..network.proxy.no_proxies_on: "searchap.untd.com,127.0.0.1,localhost,*microsoft.com,*windowsupdate.com,*wustat.windows.com,*test-speed.com,liveupdate.symantecliveupdate.com,*symantec.com,*.nai.com,*.networkassociates.com,cf.netzero.net,qs.netzero.net,*.quicken.com,*.pogo.com,localhost,127.0.0.1 "
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 12:28:02 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/10 18:48:36 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/24 18:33:22 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 19:20:31 | 00,000,000 | ---D | M]

    [2009/10/14 14:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Extensions
    [2009/12/12 19:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions
    [2009/11/22 10:58:36 | 00,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2009/11/28 17:39:53 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2009/11/21 12:01:04 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    [2009/12/12 19:35:06 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/15 14:44:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\firebug@software.joehewitt.com
    [2009/11/21 12:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\piclens@cooliris.com
    [2009/12/12 19:15:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/09/21 12:24:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

    O1 HOSTS File: (23 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255460484812 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/13 10:36:41 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/13 10:36:05 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16891947461378048)

    ========== Files/Folders - Created Within 14 Days ==========

    [2009/12/13 19:46:40 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
    [2009/12/13 18:42:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/13 18:42:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/13 18:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/12/13 16:20:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/12/13 16:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\SUPERAntiSpyware.com
    [2009/12/13 16:20:42 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/12/13 16:20:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/12/13 15:27:08 | 00,000,000 | --SD | C] -- C:\3c786fgt5
    [2009/12/13 15:27:03 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/12/11 17:52:47 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HomeComputer\Recent
    [2009/12/10 20:11:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2009/12/10 19:22:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2009/12/08 16:13:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\Paul Ekman-METT
    [2009/12/05 08:22:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\Malwarebytes
    [2009/12/05 08:08:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/12/05 08:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/12/05 07:44:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2009/12/05 07:34:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/05 07:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\Simply Super Software
    [2009/12/05 07:31:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/12/04 22:13:32 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
    [2009/12/04 22:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2009/12/04 22:10:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2009/12/04 22:08:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\Downloaded Installations
    [2009/12/04 21:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\AVG Security Toolbar
    [2009/12/04 21:42:32 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/04 21:42:32 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2009/12/04 21:42:32 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/04 21:42:24 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/04 21:42:23 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/04 21:42:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2009/12/04 21:41:40 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
    [2009/12/04 21:19:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\AVG.I.S.8.0.199.1387
    [2009/12/04 20:56:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/12/04 20:56:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/12/04 20:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/12/04 20:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/12/04 19:58:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2009/12/04 19:50:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\Spyware Doctor-6.0.0.386
    [2009/12/04 18:11:11 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
    [2009/12/04 18:08:14 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2009/12/04 17:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\Help
    [2009/12/04 17:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\Help
    [2009/12/04 17:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2009/12/04 17:26:49 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2009/12/04 16:56:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2009/12/04 16:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
    [2009/12/04 16:55:34 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2009/12/04 16:26:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\123456789ABCDEFG
    [2009/12/03 20:46:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/12/03 20:24:05 | 00,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
    [2009/12/03 20:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\Crawler
    [2009/12/03 20:20:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\Spyware Terminator
    [2009/12/03 20:20:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    [2009/12/03 20:20:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
    [2009/12/03 20:10:07 | 00,000,000 | ---D | C] -- C:\Config.Msi
    [2009/12/03 20:08:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/03 20:08:25 | 00,000,000 | ---D | C] -- C:\$AVG
    [2009/12/03 19:17:10 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
    [2009/12/03 18:03:03 | 00,029,512 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2009/12/03 18:03:01 | 00,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2009/12/03 18:02:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\TuneUp Software
    [2009/12/03 18:01:15 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
    [2009/12/03 18:00:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2009/12/02 17:50:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2009/12/01 19:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\acccore
    [2009/12/01 19:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\AIM
    [2009/12/01 19:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\AOL
    [2009/12/01 19:20:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2009/12/01 19:20:36 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
    [2009/12/01 19:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2009/12/01 19:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
    [2009/11/27 14:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/11/26 10:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\(TVC30) Log In As Member v1.0.1
    [2009/11/21 19:41:26 | 00,946,176 | ---- | C] (WeOnlyDo! Inc.) -- C:\WINDOWS\System32\wodFtpDLXG.OCX
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2009/12/14 17:52:11 | 00,081,440 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2009/12/14 17:51:47 | 02,317,088 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/12/14 17:30:43 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
    [2009/12/14 17:28:34 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\prvlcl.dat
    [2009/12/14 16:56:31 | 46,624,539 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/14 16:56:07 | 00,123,979 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/12/14 16:52:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/14 16:52:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/13 20:09:32 | 00,031,724 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/12/13 20:09:32 | 00,008,492 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2009/12/13 20:09:26 | 03,145,728 | ---- | M] () -- C:\Documents and Settings\HomeComputer\ntuser.dat
    [2009/12/13 20:09:26 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HomeComputer\ntuser.ini
    [2009/12/13 20:09:20 | 04,839,024 | -H-- | M] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\IconCache.db
    [2009/12/13 19:46:49 | 00,002,455 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Desktop\HiJackThis.lnk
    [2009/12/13 18:42:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/13 16:20:45 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/12/12 19:26:08 | 00,000,534 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/12/12 19:26:08 | 00,000,279 | RHS- | M] () -- C:\boot.ini
    [2009/12/12 19:26:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/12/12 12:54:46 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\Christmas List David Diaz.doc
    [2009/12/10 20:09:15 | 00,181,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/12/10 12:20:21 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/12/09 19:37:52 | 00,000,578 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\mini bio.rtf
    [2009/12/09 18:13:24 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\TKAM Tree.doc
    [2009/12/09 16:50:56 | 00,509,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/12/09 16:50:56 | 00,432,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/12/09 16:50:56 | 00,067,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/12/09 15:42:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/12/05 08:28:51 | 00,000,972 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Desktop\Shortcut to Win32kDiag.lnk
    [2009/12/04 22:15:19 | 00,003,506 | ---- | M] () -- C:\rollback.ini
    [2009/12/04 21:42:33 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2009/12/04 21:42:32 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/04 21:42:32 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2009/12/04 21:42:32 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/04 21:42:24 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/04 21:42:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/04 21:42:23 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/04 21:42:23 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/04 21:42:07 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/04 19:59:04 | 00,000,209 | ---- | M] () -- C:\Boot.bak
    [2009/12/04 18:08:15 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Desktop\CCleaner.lnk
    [2009/12/04 15:57:22 | 00,237,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys.vir
    [2009/12/03 19:17:10 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
    [2009/12/03 18:06:51 | 00,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
    [2009/12/03 18:06:51 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities.lnk
    [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/02 18:38:19 | 00,002,869 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\usernav.png
    [2009/12/02 18:36:52 | 00,002,892 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\usernavborder.png
    [2009/12/02 15:58:16 | 00,030,376 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/12/01 19:24:05 | 00,000,459 | -H-- | M] () -- C:\IPH.PH
    [2009/12/01 19:20:40 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2009/11/30 18:23:32 | 01,218,177 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\math.psd
    [2009/11/30 18:22:04 | 00,020,768 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\r.png
    [2009/11/30 17:27:44 | 00,175,891 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\bw.psd
    [2009/11/29 19:09:04 | 00,000,412 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\spider.sav
    [2009/11/29 19:03:18 | 00,000,288 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\SAMANTHA ROOM FUTURE.rtf
    [2009/11/29 18:39:39 | 00,002,856 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\miceandmen.rtf
    [2009/11/29 16:18:58 | 00,399,305 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\body_bg.png
    [2009/11/28 19:28:42 | 00,003,831 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\admin.png
    [2009/11/28 19:27:05 | 00,003,616 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\staff.png
    [2009/11/27 17:56:11 | 00,033,082 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\lol.jpg
    [2009/11/27 14:16:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/11/27 14:06:22 | 01,201,214 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\chrisbrown.psd
    [2009/11/26 17:46:56 | 00,008,662 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\f_read.png
    [2009/11/26 17:46:27 | 00,008,723 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\f_unread.png
    [2009/11/26 11:38:14 | 00,004,932 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\whitetrans.png
    [2009/11/26 11:34:15 | 00,218,806 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\logo.png
    [2009/11/26 10:55:32 | 00,926,894 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\horselogo.psd
    [2009/11/25 21:32:19 | 00,276,222 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\acplogo.psd
    [2009/11/25 21:32:06 | 00,155,654 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\staff.psd
    [2009/11/25 21:05:52 | 00,002,870 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\branding_bg.png
    [2009/11/25 19:13:12 | 00,003,220 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\transbright.png
    [2009/11/25 18:54:52 | 00,004,794 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\transart.png
    [2009/11/25 12:31:52 | 00,000,153 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\acp_bar.png
    [2009/11/25 12:23:23 | 00,337,555 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\trans_bird.png
    [2009/11/25 08:31:17 | 00,002,868 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\gmap2.png
    [2009/11/25 08:19:27 | 00,002,876 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\gmap.png
    [2009/11/24 18:21:56 | 00,002,803 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\trans40.png
    [2009/11/24 18:13:01 | 00,002,803 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\trans.png
    [2009/11/23 16:22:20 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/11/22 16:15:00 | 00,000,178 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\Webhost.rtf
    [2009/11/22 15:27:25 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Desktop\FlashFXP.lnk
    [2009/11/22 14:26:50 | 00,004,010 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\cat_right.png
    [2009/11/22 14:25:37 | 00,003,193 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\catend_tile.png
    [2009/11/22 14:20:09 | 00,446,078 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\body-bg.png
    [2009/11/22 14:08:40 | 00,004,163 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\cat_left.png
    [2009/11/22 13:01:40 | 00,002,961 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\tile_cat.png
    [2009/11/22 12:37:36 | 00,003,039 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\f_cat_read.png
    [2009/11/22 12:36:41 | 00,003,055 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\f_cat_unread.png
    [2009/11/22 12:04:56 | 00,000,202 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\tab_left.png
    [2009/11/21 19:43:35 | 01,345,040 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\dave.psd
    [2009/11/21 13:34:24 | 01,140,174 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\nazis.psd
    [2009/11/19 18:46:39 | 00,029,833 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\avy.png
    [2009/11/19 15:57:45 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
    [2009/11/19 15:56:53 | 08,673,792 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2009/11/17 01:17:58 | 00,029,512 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2009/11/17 01:12:10 | 00,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2009/12/13 19:46:40 | 00,002,455 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Desktop\HiJackThis.lnk
    [2009/12/13 18:42:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/13 16:20:45 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/12/12 12:33:23 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\Christmas List David Diaz.doc
    [2009/12/09 19:37:52 | 00,000,578 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\mini bio.rtf
    [2009/12/09 18:13:23 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\TKAM Tree.doc
    [2009/12/05 08:28:51 | 00,000,972 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Desktop\Shortcut to Win32kDiag.lnk
    [2009/12/05 08:08:38 | 00,000,209 | ---- | C] () -- C:\Boot.bak
    [2009/12/05 08:08:29 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/12/04 22:15:31 | 00,008,492 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2009/12/04 22:15:18 | 00,003,506 | ---- | C] () -- C:\rollback.ini
    [2009/12/04 21:42:33 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2009/12/04 21:42:23 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/04 21:42:23 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/04 21:42:23 | 00,123,979 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/12/04 21:42:07 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/04 21:41:57 | 46,624,539 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/04 18:08:14 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Desktop\CCleaner.lnk
    [2009/12/04 15:56:33 | 00,237,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys.vir
    [2009/12/03 20:07:19 | 03,145,728 | ---- | C] () -- C:\Documents and Settings\HomeComputer\ntuser.dat
    [2009/12/03 18:03:10 | 00,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
    [2009/12/03 18:02:55 | 00,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
    [2009/12/03 18:02:55 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities.lnk
    [2009/12/03 17:58:25 | 01,461,006 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\dot_splatter_3.abr
    [2009/12/02 18:33:07 | 00,002,892 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\usernavborder.png
    [2009/12/02 18:29:04 | 00,002,869 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\usernav.png
    [2009/12/01 19:20:40 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2009/12/01 19:19:02 | 00,000,459 | -H-- | C] () -- C:\IPH.PH
    [2009/12/01 18:09:42 | 00,043,268 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\Amputa Bangiz.ttf
    [2009/11/30 18:17:41 | 01,218,177 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\math.psd
    [2009/11/30 17:27:43 | 00,175,891 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\bw.psd
    [2009/11/29 19:09:04 | 00,000,412 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\spider.sav
    [2009/11/29 19:03:18 | 00,000,288 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\SAMANTHA ROOM FUTURE.rtf
    [2009/11/29 18:39:39 | 00,002,856 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\miceandmen.rtf
    [2009/11/27 17:54:09 | 00,033,082 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\lol.jpg
    [2009/11/27 14:06:21 | 01,201,214 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\chrisbrown.psd
    [2009/11/26 11:37:07 | 00,004,932 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\whitetrans.png
    [2009/11/26 10:09:05 | 00,003,798 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\ban_member.png
    [2009/11/26 10:09:05 | 00,003,640 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\unban_member.png
    [2009/11/25 21:32:18 | 00,276,222 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\acplogo.psd
    [2009/11/25 21:32:06 | 00,155,654 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\staff.psd
    [2009/11/25 21:30:51 | 00,003,616 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\staff.png
    [2009/11/25 21:27:50 | 00,003,831 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\admin.png
    [2009/11/25 21:05:51 | 00,002,870 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\branding_bg.png
    [2009/11/25 21:00:05 | 00,008,662 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\f_read.png
    [2009/11/25 20:59:36 | 00,008,723 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\f_unread.png
    [2009/11/25 20:56:47 | 00,926,894 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\horselogo.psd
    [2009/11/25 19:11:06 | 00,003,220 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\transbright.png
    [2009/11/25 18:54:50 | 00,004,794 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\transart.png
    [2009/11/25 18:50:05 | 00,399,305 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\body_bg.png
    [2009/11/25 12:30:35 | 00,000,153 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\acp_bar.png
    [2009/11/25 12:23:19 | 00,337,555 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\trans_bird.png
    [2009/11/25 08:27:28 | 00,002,868 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\gmap2.png
    [2009/11/24 18:28:16 | 00,002,876 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\gmap.png
    [2009/11/24 18:21:56 | 00,002,803 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\trans40.png
    [2009/11/24 18:12:48 | 00,002,803 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\trans.png
    [2009/11/23 16:24:28 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/11/23 16:22:20 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/11/22 16:15:00 | 00,000,178 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\Webhost.rtf
    [2009/11/22 15:27:25 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Desktop\FlashFXP.lnk
    [2009/11/22 13:01:39 | 00,002,961 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\tile_cat.png
    [2009/11/22 12:57:22 | 00,003,193 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\catend_tile.png
    [2009/11/22 12:54:07 | 00,004,010 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\cat_right.png
    [2009/11/22 12:51:19 | 00,004,163 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\cat_left.png
    [2009/11/22 12:37:36 | 00,003,039 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\f_cat_read.png
    [2009/11/22 12:34:29 | 00,003,055 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\f_cat_unread.png
    [2009/11/22 12:17:50 | 00,218,806 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\logo.png
    [2009/11/22 12:04:22 | 00,000,202 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\tab_left.png
    [2009/11/22 11:59:41 | 00,446,078 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\body-bg.png
    [2009/11/21 19:43:33 | 01,345,040 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\dave.psd
    [2009/11/20 19:00:38 | 01,140,174 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\nazis.psd
    [2009/11/19 18:46:38 | 00,029,833 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\avy.png
    [2009/11/19 15:57:45 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
    [2009/11/03 20:02:18 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\prvlcl.dat
    [2009/10/23 17:15:33 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2009/10/13 11:06:49 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/10/13 11:01:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/10/13 11:01:39 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2009/10/13 11:01:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

    ========== LOP Check ==========

    [2009/12/01 19:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2009/12/10 12:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2009/12/04 21:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/11/03 20:24:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/11/22 15:26:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
    [2009/12/05 07:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2009/12/04 21:53:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2009/12/05 07:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/12/04 16:54:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    [2009/12/07 20:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/03 18:01:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2009/11/23 16:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/12/04 16:55:34 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2009/12/01 19:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\acccore
    [2009/11/03 20:25:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Canon
    [2009/12/04 16:54:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Spyware Terminator
    [2009/10/28 18:05:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\TeamViewer
    [2009/12/03 18:02:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\TuneUp Software
    [2009/12/14 17:30:43 | 00,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\drivers\agp440.sys
    [2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\drivers\atapi.sys
    [2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/10 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\drivers\iastor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    ========== Files - Unicode (All) ==========
    [2009/11/15 13:38:52 | 00,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Æ) -- C:\WINDOWS\System32\游Æ
    [2009/11/15 13:38:52 | 00,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Æ) -- C:\WINDOWS\System32\游Æ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    < End of report >



    By the way, the fidboxes are still showing up in Process Explorer. :\ Somehow they're locked, and that's why they can't be removed.
     
    Last edited: 2009/12/14
  17. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
    OTL Extras logfile created on: 12/14/2009 5:52:00 PM - Run 1
    OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\HomeComputer\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 532.84 Mb Available Physical Memory | 55.59% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 6000 8192 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 92.35 Gb Free Space | 82.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FAMILY
    Current User Name: HomeComputer
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
    .html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe "

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
    "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
    "{0CA14F11-6F47-4613-8E40-6AC088E464A0}" = Cisco Network Magic
    "{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
    "{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
    "{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
    "{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
    "{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
    "{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
    "{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
    "{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
    "{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
    "{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
    "{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
    "{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
    "{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
    "{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
    "{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
    "{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
    "{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
    "{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
    "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
    "{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
    "{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_7" = AIM 7
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AVG9Uninstall" = AVG 9.0
    "CCleaner" = CCleaner
    "CleanUp!" = CleanUp!
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "Network MagicUninstall" = Network Magic
    "Security Task Manager" = Security Task Manager 1.7h
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "TeamViewer 4" = TeamViewer 4
    "Time Stopper2.00" = Time Stopper
    "TuneUp Utilities" = TuneUp Utilities
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/3/2009 10:15:41 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000
    Description = Faulting application integrator.exe, version 9.0.2020.1, faulting
    module rtl120.bpl, version 12.0.3210.17555, fault address 0x000095d0.

    Error - 12/3/2009 11:19:49 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application OneClick.exe, version 9.0.2020.1, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/3/2009 11:28:09 PM | Computer Name = FAMILY | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 12/3/2009 11:41:13 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000
    Description = Faulting application integrator.exe, version 9.0.2020.1, faulting
    module integrator.exe, version 9.0.2020.1, fault address 0x000345a2.

    Error - 12/3/2009 11:47:33 PM | Computer Name = FAMILY | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 12/4/2009 12:01:25 AM | Computer Name = FAMILY | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 12/4/2009 12:27:55 AM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/5/2009 11:24:37 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11306
    Description = Product: ParetoLogic Anti-Virus PLUS -- Error 1306.Another application
    has exclusive access to the file C:\Documents and Settings\All Users\Application
    Data\ParetoLogic Anti-Virus PLUS\6\Ignore.db. Please shut down all other applications,
    then click Retry.

    Error - 12/10/2009 11:28:38 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/14/2009 9:51:05 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.1.17.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 11/15/2009 5:13:26 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/15/2009 8:15:24 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/15/2009 9:14:02 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/15/2009 11:55:40 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/16/2009 7:46:47 PM | Computer Name = FAMILY | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 192.168.0.103. The machine with the IP address 192.168.0.101 did
    not allow the name to be claimed by this machine.

    Error - 11/16/2009 7:56:32 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/16/2009 8:49:10 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/16/2009 9:04:13 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/18/2009 9:28:00 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Pure Networks Platform
    Service service to connect.

    Error - 11/18/2009 9:28:00 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
    Description = The Pure Networks Platform Service service failed to start due to
    the following error: %%1053


    < End of report >
     
  18. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - No CLSID value found.
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2009/12/13 15:27:08 | 00,000,000 | --SD | C] -- C:\3c786fgt5
      [2009/12/13 15:27:03 | 00,000,000 | ---D | C] -- C:\Qoobox
      [2009/12/04 22:13:32 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
      [2009/12/14 17:52:11 | 00,081,440 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
      [2009/12/14 17:51:47 | 02,317,088 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
      [2009/12/14 17:28:34 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\prvlcl.dat
      [2009/12/13 20:09:32 | 00,031,724 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
      [2009/12/13 20:09:32 | 00,008,492 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
      [2009/12/04 15:57:22 | 00,237,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys.vir
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  19. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
    During the middle of the scan, I get this error message
    [IMG]
    then the scan stops.
     
  20. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Use the following code instead:

     
  21. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
