
Solved fidbox.idx(more) are taking up excessive space - Malware

Discussion in 'Malware and Virus Removal Archive' started by Hendrix, 2009/12/12.

  1. 2009/12/14
    broni (Moderator, Malware Analyst)
    Skip this entry in a script:
    [2009/12/13 15:27:08 | 00,000,000 | --SD | C] -- C:\3c786fgt5
     
  2. 2009/12/14
    Hendrix (Thread Starter)
    Now I'm getting the same error but with the "[2009/12/13 15:27:03 | 00,000,000 | ---D | C] -- C:\Qoobox" line, and I think it's going to keep giving me errors with all of them. Should I change the time from 15:27:03 to 3:27:03?
     


  4. 2009/12/14
    broni (Moderator, Malware Analyst)
    Please skip the Qoobox line and try again.
     
  5. 2009/12/14
    Hendrix (Thread Starter)
    Same error, but with the "[2009/12/04 22:13:32 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys" line......
     
  6. 2009/12/14
    broni (Moderator, Malware Analyst)
    Hold on for a moment...
     
  7. 2009/12/14
    Hendrix (Thread Starter)
    Alright, thanks for your patience. :)
     
  8. 2009/12/14
    broni (Moderator, Malware Analyst)
    Delete your copy of OTL.....


    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
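The bracketed entry lines that kept tripping the fix script above (`[date time | size | attrs | C/M] (publisher) -- path`) share one format across the PRC/SRV/DRV and "Created Within 30 Days" sections of an OTL log. As an added example that is not part of this thread and not OTL's own code, here is a small parser for that format plus a triage pass over a few entries quoted from the log in this thread; the publisher/attribute/random-name heuristics and the allow-list of known system folders are my own assumptions, not rules from OTL or the moderator.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL entry line, e.g.
#   DRV - [2009/02/18 14:41:10 | 00,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\...\klif.sys -- (KLIF)
#   [2009/12/13 15:27:08 | 00,000,000 | --SD | C] -- C:\3c786fgt5
# The "(publisher)" block may be missing or empty, the "[state]" block only
# appears on SRV/DRV lines, and the " -- (service)" tail may carry a free-text
# description after it.
OTL_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<stamp>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\).*)?$"
)
SECTION_PREFIX = re.compile(r"^(?P<prefix>PRC|MOD|SRV|DRV) - (?P<rest>.*)$")

# Heuristics (assumptions for this example, not OTL rules):
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,}$")   # mixed letters+digits, no extension
BINARY_EXT = (".exe", ".dll", ".sys", ".ax", ".acm")
KNOWN_ROOT_DIRS = {"recycler", "system volume information"}     # benign System+Dir folders at root


@dataclass
class OtlEntry:
    prefix: str            # PRC/MOD/SRV/DRV, or "" for file/folder lists
    date: str
    time: str
    size: int              # bytes, commas removed
    attrs: str             # R=read-only H=hidden S=system D=directory
    stamp: str             # C=created, M=modified
    company: Optional[str] # publisher, None when absent or "()"
    state: Optional[str]   # e.g. "Kernel | System | Running" on SRV/DRV lines
    path: str
    service: Optional[str]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return the parsed entry, or None for headers, O-lines, blanks, etc."""
    line = line.strip()
    prefix = ""
    m = SECTION_PREFIX.match(line)
    if m:
        prefix, line = m.group("prefix"), m.group("rest")
    m = OTL_ENTRY.match(line)
    if m is None:
        return None
    company = (m.group("company") or "").strip() or None
    return OtlEntry(
        prefix=prefix,
        date=m.group("date"),
        time=m.group("time"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        stamp=m.group("stamp"),
        company=company,
        state=m.group("state"),
        path=m.group("path").strip(),
        service=m.group("service"),
    )


def triage(entry: OtlEntry) -> List[str]:
    """Reasons an analyst might look twice at this entry (empty list = nothing odd)."""
    reasons = []
    name = entry.path.rsplit("\\", 1)[-1]
    at_root = entry.path.count("\\") == 1
    if "S" in entry.attrs and "D" in entry.attrs and at_root \
            and name.lower() not in KNOWN_ROOT_DIRS:
        reasons.append("system+hidden-style directory directly under drive root")
    if RANDOM_NAME.match(name.lower()):
        reasons.append("random-looking name")
    if entry.company is None and name.lower().endswith(BINARY_EXT):
        reasons.append("no publisher on executable/driver")
    return reasons


def flag_suspicious(log: str) -> Dict[str, List[str]]:
    """Map path -> triage reasons for every entry line in an OTL log excerpt."""
    flagged: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        entry = parse_otl_line(raw)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Sample input: a handful of lines quoted from the OTL log in this thread.
SAMPLE_LOG = r"""
SRV - [2009/07/21 09:40:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
DRV - [2009/02/18 14:41:10 | 00,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/07/21 06:10:44 | 04,011,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
O1 - Hosts: 127.0.0.1 localhost
[2009/12/13 15:27:08 | 00,000,000 | --SD | C] -- C:\3c786fgt5
[2009/12/13 15:27:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/10 20:11:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
"""

if __name__ == "__main__":
    for path, why in flag_suspicious(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

The triage output is a starting point for a human review, not a verdict: an unsigned executable or an oddly named folder is worth a closer look, while Qoobox and RECYCLER are expected.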
  9. 2009/12/14
    Hendrix (Thread Starter)
    The Extra.txt didn't show up. Is it because I didn't have the "LOP Check" and "Purity Check" boxes checked? I also have to split the OTL log into 2 because it's too long.


    OTL logfile created on: 12/14/2009 7:33:05 PM - Run 2
    OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\HomeComputer\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 431.70 Mb Available Physical Memory | 45.04% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 6000 8192 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 92.32 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FAMILY
    Current User Name: HomeComputer
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2009/12/14 19:32:20 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HomeComputer\My Documents\Downloads\OTL.exe
    PRC - [2009/12/10 12:26:39 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2009/12/10 12:26:36 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2009/12/10 12:26:35 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2009/12/04 21:42:07 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/12/04 21:41:55 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/12/04 21:41:43 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2009/12/04 21:41:43 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2009/12/04 21:41:42 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/11/17 01:17:38 | 00,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    PRC - [2009/11/17 01:15:36 | 01,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2009/11/07 20:40:38 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/07/21 07:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2009/12/14 19:32:20 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HomeComputer\My Documents\Downloads\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (nmservice)
    SRV - [2009/12/04 21:41:43 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/12/04 21:41:42 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/12/03 18:06:54 | 00,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2009/11/17 01:15:36 | 01,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2009/11/17 01:12:10 | 00,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/07/21 09:40:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
    SRV - [2009/07/21 07:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/12/04 21:42:32 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2009/12/04 21:42:32 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
    DRV - [2009/12/04 21:42:24 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/12/04 21:42:23 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/11/23 08:43:30 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/11/23 08:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/11/23 08:43:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/10/14 07:24:44 | 00,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/21 08:30:48 | 03,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/02/18 14:41:10 | 00,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2008/12/12 18:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2008/12/12 18:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/04/13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2006/07/21 06:10:44 | 04,011,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2004/08/10 02:39:56 | 00,019,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
    DRV - [2004/08/03 14:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2002/09/23 13:49:44 | 00,068,672 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;*.pogo.com;<local>;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
    FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
    FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 7900
    FF - prefs.js..network.proxy.no_proxies_on: "searchap.untd.com,127.0.0.1,localhost,*microsoft.com,*windowsupdate.com,*wustat.windows.com,*test-speed.com,liveupdate.symantecliveupdate.com,*symantec.com,*.nai.com,*.networkassociates.com,cf.netzero.net,qs.netzero.net,*.quicken.com,*.pogo.com,localhost,127.0.0.1 "
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 12:28:02 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/10 18:48:36 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/24 18:33:22 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 19:20:31 | 00,000,000 | ---D | M]

    [2009/10/14 14:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Extensions
    [2009/12/12 19:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions
    [2009/11/22 10:58:36 | 00,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2009/11/28 17:39:53 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2009/11/21 12:01:04 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    [2009/12/12 19:35:06 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/15 14:44:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\firebug@software.joehewitt.com
    [2009/11/21 12:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HomeComputer\Application Data\Mozilla\Firefox\Profiles\cc4w1vaz.default\extensions\piclens@cooliris.com
    [2009/12/12 19:15:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/09/21 12:24:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

    O1 HOSTS File: (23 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255460484812 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/13 10:36:41 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/13 10:36:05 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    MsConfig - StartUpReg: ISTray - hkey= - key= - C:\Program Files\Spyware Doctor\pctsTray.exe File not found
    MsConfig - StartUpReg: nmapp - hkey= - key= - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    MsConfig - StartUpReg: nmctxth - hkey= - key= - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
    ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/13 19:46:40 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
    [2009/12/13 18:42:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/13 18:42:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/13 18:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/12/13 16:20:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/12/13 16:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\SUPERAntiSpyware.com
    [2009/12/13 16:20:42 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/12/13 16:20:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/12/13 15:27:08 | 00,000,000 | --SD | C] -- C:\3c786fgt5
    [2009/12/13 15:27:03 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/12/11 17:52:47 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HomeComputer\Recent
    [2009/12/10 20:11:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2009/12/10 19:22:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2009/12/08 16:13:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\Paul Ekman-METT
    [2009/12/05 08:22:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\Malwarebytes
    [2009/12/05 08:08:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/12/05 08:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/12/05 07:44:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2009/12/05 07:34:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/05 07:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\Simply Super Software
    [2009/12/05 07:31:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/12/04 22:13:32 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
    [2009/12/04 22:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2009/12/04 22:10:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2009/12/04 22:08:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\Downloaded Installations
    [2009/12/04 21:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\AVG Security Toolbar
    [2009/12/04 21:42:32 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/04 21:42:32 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2009/12/04 21:42:32 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/04 21:42:24 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/04 21:42:23 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/04 21:42:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2009/12/04 21:41:40 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
    [2009/12/04 21:19:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\AVG.I.S.8.0.199.1387
    [2009/12/04 20:56:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/12/04 20:56:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/12/04 20:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/12/04 20:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/12/04 19:58:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2009/12/04 19:50:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\Spyware Doctor-6.0.0.386
    [2009/12/04 18:11:11 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
    [2009/12/04 18:08:14 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2009/12/04 17:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\Help
    [2009/12/04 17:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\Help
    [2009/12/04 17:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2009/12/04 17:26:49 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2009/12/04 16:56:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2009/12/04 16:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
    [2009/12/04 16:55:34 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2009/12/04 16:26:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\123456789ABCDEFG
    [2009/12/03 20:46:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/12/03 20:24:05 | 00,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
    [2009/12/03 20:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\Crawler
    [2009/12/03 20:20:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\Spyware Terminator
    [2009/12/03 20:20:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    [2009/12/03 20:20:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
    [2009/12/03 20:10:07 | 00,000,000 | ---D | C] -- C:\Config.Msi
    [2009/12/03 20:08:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/03 20:08:25 | 00,000,000 | ---D | C] -- C:\$AVG
    [2009/12/03 19:17:10 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
    [2009/12/03 18:03:03 | 00,029,512 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2009/12/03 18:03:01 | 00,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2009/12/03 18:02:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\TuneUp Software
    [2009/12/03 18:01:15 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
    [2009/12/03 18:00:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2009/12/02 17:50:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2009/12/01 19:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\acccore
    [2009/12/01 19:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\AIM
    [2009/12/01 19:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\AOL
    [2009/12/01 19:20:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2009/12/01 19:20:36 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
    [2009/12/01 19:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2009/12/01 19:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
    [2009/11/27 14:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/11/26 10:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\My Documents\(TVC30) Log In As Member v1.0.1
    [2009/11/23 16:25:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Application Data\Apple Computer
    [2009/11/23 16:24:19 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
    [2009/11/23 16:24:19 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
    [2009/11/23 16:23:28 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
    [2009/11/23 16:23:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/11/23 16:23:23 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/11/23 16:22:47 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2009/11/23 16:21:58 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/11/23 16:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2009/11/22 15:26:11 | 00,000,000 | ---D | C] -- C:\Program Files\FlashFXP
    [2009/11/22 15:26:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
    [2009/11/21 19:41:26 | 00,946,176 | ---- | C] (WeOnlyDo! Inc.) -- C:\WINDOWS\System32\wodFtpDLXG.OCX
    [2009/11/21 19:41:26 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
    [2009/11/21 19:41:25 | 00,000,000 | ---D | C] -- C:\Program Files\GoFTP
    [2009/11/21 12:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\Cooliris
    [2009/11/19 15:57:36 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
    [2009/11/19 15:56:13 | 00,023,984 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
    [2009/11/19 15:56:07 | 00,025,264 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
    [2009/11/19 15:55:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
    [2009/11/19 15:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2009/12/14 19:31:47 | 02,354,720 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/12/14 19:28:36 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\prvlcl.dat
    [2009/12/14 18:47:44 | 00,041,230 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\error.PNG
    [2009/12/14 18:09:22 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
    [2009/12/14 18:08:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/14 18:08:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/14 18:04:23 | 03,145,728 | ---- | M] () -- C:\Documents and Settings\HomeComputer\ntuser.dat
    [2009/12/14 18:02:49 | 00,081,696 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2009/12/14 16:56:31 | 46,624,539 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/14 16:56:07 | 00,123,979 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/12/13 20:09:32 | 00,031,724 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/12/13 20:09:32 | 00,008,492 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2009/12/13 20:09:26 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HomeComputer\ntuser.ini
    [2009/12/13 20:09:20 | 04,839,024 | -H-- | M] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\IconCache.db
    [2009/12/13 19:46:49 | 00,002,455 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Desktop\HiJackThis.lnk
    [2009/12/13 18:42:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/13 16:20:45 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/12/12 19:26:08 | 00,000,534 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/12/12 19:26:08 | 00,000,279 | RHS- | M] () -- C:\boot.ini
    [2009/12/12 19:26:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/12/12 12:54:46 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\Christmas List David Diaz.doc
    [2009/12/10 20:09:15 | 00,181,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/12/10 12:20:21 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/12/09 19:37:52 | 00,000,578 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\mini bio.rtf
    [2009/12/09 18:13:24 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\TKAM Tree.doc
    [2009/12/09 16:50:56 | 00,509,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/12/09 16:50:56 | 00,432,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/12/09 16:50:56 | 00,067,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/12/09 15:42:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/12/05 08:28:51 | 00,000,972 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Desktop\Shortcut to Win32kDiag.lnk
    [2009/12/04 22:15:19 | 00,003,506 | ---- | M] () -- C:\rollback.ini
    [2009/12/04 21:42:33 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2009/12/04 21:42:32 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/04 21:42:32 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2009/12/04 21:42:32 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/04 21:42:24 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/04 21:42:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/04 21:42:23 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/04 21:42:23 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/04 21:42:07 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/04 19:59:04 | 00,000,209 | ---- | M] () -- C:\Boot.bak
    [2009/12/04 18:08:15 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Desktop\CCleaner.lnk
    [2009/12/04 15:57:22 | 00,237,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys.vir
    [2009/12/03 19:17:10 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
    [2009/12/03 18:06:51 | 00,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
    [2009/12/03 18:06:51 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities.lnk
    [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/02 18:38:19 | 00,002,869 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\usernav.png
    [2009/12/02 18:36:52 | 00,002,892 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\usernavborder.png
    [2009/12/02 15:58:16 | 00,030,376 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/12/01 19:24:05 | 00,000,459 | -H-- | M] () -- C:\IPH.PH
    [2009/12/01 19:20:40 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2009/11/30 18:23:32 | 01,218,177 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\math.psd
    [2009/11/30 18:22:04 | 00,020,768 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\r.png
    [2009/11/30 17:27:44 | 00,175,891 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\bw.psd
    [2009/11/29 19:09:04 | 00,000,412 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\spider.sav
    [2009/11/29 19:03:18 | 00,000,288 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\SAMANTHA ROOM FUTURE.rtf
    [2009/11/29 18:39:39 | 00,002,856 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\miceandmen.rtf
    [2009/11/29 16:18:58 | 00,399,305 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\body_bg.png
    [2009/11/28 19:28:42 | 00,003,831 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\admin.png
    [2009/11/28 19:27:05 | 00,003,616 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\staff.png
    [2009/11/27 17:56:11 | 00,033,082 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\lol.jpg
    [2009/11/27 14:16:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/11/27 14:06:22 | 01,201,214 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\chrisbrown.psd
    [2009/11/26 17:46:56 | 00,008,662 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\f_read.png
    [2009/11/26 17:46:27 | 00,008,723 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\f_unread.png
    [2009/11/26 11:38:14 | 00,004,932 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\whitetrans.png
    [2009/11/26 11:34:15 | 00,218,806 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\logo.png
    [2009/11/26 10:55:32 | 00,926,894 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\horselogo.psd
    [2009/11/25 21:32:19 | 00,276,222 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\acplogo.psd
    [2009/11/25 21:32:06 | 00,155,654 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\staff.psd
    [2009/11/25 21:05:52 | 00,002,870 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\branding_bg.png
    [2009/11/25 19:13:12 | 00,003,220 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\transbright.png
    [2009/11/25 18:54:52 | 00,004,794 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\transart.png
    [2009/11/25 12:31:52 | 00,000,153 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\acp_bar.png
    [2009/11/25 12:23:23 | 00,337,555 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\trans_bird.png
    [2009/11/25 08:31:17 | 00,002,868 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\gmap2.png
    [2009/11/25 08:19:27 | 00,002,876 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\gmap.png
    [2009/11/24 18:21:56 | 00,002,803 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\trans40.png
    [2009/11/24 18:13:01 | 00,002,803 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\trans.png
    [2009/11/23 16:22:20 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/11/22 16:15:00 | 00,000,178 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\Webhost.rtf
    [2009/11/22 15:27:25 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Desktop\FlashFXP.lnk
    [2009/11/22 14:26:50 | 00,004,010 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\cat_right.png
    [2009/11/22 14:25:37 | 00,003,193 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\catend_tile.png
    [2009/11/22 14:20:09 | 00,446,078 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\body-bg.png
    [2009/11/22 14:08:40 | 00,004,163 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\cat_left.png
    [2009/11/22 13:01:40 | 00,002,961 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\tile_cat.png
    [2009/11/22 12:37:36 | 00,003,039 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\f_cat_read.png
    [2009/11/22 12:36:41 | 00,003,055 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\f_cat_unread.png
    [2009/11/22 12:04:56 | 00,000,202 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\tab_left.png
    [2009/11/21 19:43:35 | 01,345,040 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\dave.psd
    [2009/11/21 13:34:24 | 01,140,174 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\nazis.psd
    [2009/11/19 18:46:39 | 00,029,833 | ---- | M] () -- C:\Documents and Settings\HomeComputer\My Documents\avy.png
    [2009/11/19 15:57:45 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
    [2009/11/19 15:56:53 | 08,673,792 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2009/11/17 01:17:58 | 00,029,512 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2009/11/17 01:12:10 | 00,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  10. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
    ========== Files Created - No Company Name ==========

    [2009/12/14 18:31:17 | 00,041,230 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\error.PNG
    [2009/12/13 19:46:40 | 00,002,455 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Desktop\HiJackThis.lnk
    [2009/12/13 18:42:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/13 16:20:45 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/12/12 12:33:23 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\Christmas List David Diaz.doc
    [2009/12/09 19:37:52 | 00,000,578 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\mini bio.rtf
    [2009/12/09 18:13:23 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\TKAM Tree.doc
    [2009/12/05 08:28:51 | 00,000,972 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Desktop\Shortcut to Win32kDiag.lnk
    [2009/12/05 08:08:38 | 00,000,209 | ---- | C] () -- C:\Boot.bak
    [2009/12/05 08:08:29 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/12/04 22:15:31 | 02,354,720 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/12/04 22:15:31 | 00,081,696 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2009/12/04 22:15:31 | 00,031,724 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/12/04 22:15:31 | 00,008,492 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2009/12/04 22:15:18 | 00,003,506 | ---- | C] () -- C:\rollback.ini
    [2009/12/04 21:42:33 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2009/12/04 21:42:23 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/04 21:42:23 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/04 21:42:23 | 00,123,979 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/12/04 21:42:07 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/04 21:41:57 | 46,624,539 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/04 18:08:14 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Desktop\CCleaner.lnk
    [2009/12/04 15:56:33 | 00,237,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys.vir
    [2009/12/03 20:07:19 | 03,145,728 | ---- | C] () -- C:\Documents and Settings\HomeComputer\ntuser.dat
    [2009/12/03 18:03:10 | 00,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
    [2009/12/03 18:02:55 | 00,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
    [2009/12/03 18:02:55 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities.lnk
    [2009/12/03 17:58:25 | 01,461,006 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\dot_splatter_3.abr
    [2009/12/02 18:33:07 | 00,002,892 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\usernavborder.png
    [2009/12/02 18:29:04 | 00,002,869 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\usernav.png
    [2009/12/01 19:20:40 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2009/12/01 19:19:02 | 00,000,459 | -H-- | C] () -- C:\IPH.PH
    [2009/12/01 18:09:42 | 00,043,268 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\Amputa Bangiz.ttf
    [2009/11/30 18:17:41 | 01,218,177 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\math.psd
    [2009/11/30 17:27:43 | 00,175,891 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\bw.psd
    [2009/11/29 19:09:04 | 00,000,412 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\spider.sav
    [2009/11/29 19:03:18 | 00,000,288 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\SAMANTHA ROOM FUTURE.rtf
    [2009/11/29 18:39:39 | 00,002,856 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\miceandmen.rtf
    [2009/11/27 17:54:09 | 00,033,082 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\lol.jpg
    [2009/11/27 14:06:21 | 01,201,214 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\chrisbrown.psd
    [2009/11/26 11:37:07 | 00,004,932 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\whitetrans.png
    [2009/11/26 10:09:05 | 00,003,798 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\ban_member.png
    [2009/11/26 10:09:05 | 00,003,640 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\unban_member.png
    [2009/11/25 21:32:18 | 00,276,222 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\acplogo.psd
    [2009/11/25 21:32:06 | 00,155,654 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\staff.psd
    [2009/11/25 21:30:51 | 00,003,616 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\staff.png
    [2009/11/25 21:27:50 | 00,003,831 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\admin.png
    [2009/11/25 21:05:51 | 00,002,870 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\branding_bg.png
    [2009/11/25 21:00:05 | 00,008,662 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\f_read.png
    [2009/11/25 20:59:36 | 00,008,723 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\f_unread.png
    [2009/11/25 20:56:47 | 00,926,894 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\horselogo.psd
    [2009/11/25 19:11:06 | 00,003,220 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\transbright.png
    [2009/11/25 18:54:50 | 00,004,794 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\transart.png
    [2009/11/25 18:50:05 | 00,399,305 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\body_bg.png
    [2009/11/25 12:30:35 | 00,000,153 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\acp_bar.png
    [2009/11/25 12:23:19 | 00,337,555 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\trans_bird.png
    [2009/11/25 08:27:28 | 00,002,868 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\gmap2.png
    [2009/11/24 18:28:16 | 00,002,876 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\gmap.png
    [2009/11/24 18:21:56 | 00,002,803 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\trans40.png
    [2009/11/24 18:12:48 | 00,002,803 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\trans.png
    [2009/11/23 16:24:28 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/11/23 16:22:20 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/11/22 16:15:00 | 00,000,178 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\Webhost.rtf
    [2009/11/22 15:27:25 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Desktop\FlashFXP.lnk
    [2009/11/22 13:01:39 | 00,002,961 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\tile_cat.png
    [2009/11/22 12:57:22 | 00,003,193 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\catend_tile.png
    [2009/11/22 12:54:07 | 00,004,010 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\cat_right.png
    [2009/11/22 12:51:19 | 00,004,163 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\cat_left.png
    [2009/11/22 12:37:36 | 00,003,039 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\f_cat_read.png
    [2009/11/22 12:34:29 | 00,003,055 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\f_cat_unread.png
    [2009/11/22 12:17:50 | 00,218,806 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\logo.png
    [2009/11/22 12:04:22 | 00,000,202 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\tab_left.png
    [2009/11/22 11:59:41 | 00,446,078 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\body-bg.png
    [2009/11/21 19:43:33 | 01,345,040 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\dave.psd
    [2009/11/20 19:00:38 | 01,140,174 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\nazis.psd
    [2009/11/19 18:46:38 | 00,029,833 | ---- | C] () -- C:\Documents and Settings\HomeComputer\My Documents\avy.png
    [2009/11/19 15:57:45 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
    [2009/11/03 20:02:18 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\prvlcl.dat
    [2009/10/23 17:15:33 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2009/10/13 11:06:49 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/10/13 11:01:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/10/13 11:01:39 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2009/10/13 11:01:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\drivers\agp440.sys
    [2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\drivers\atapi.sys
    [2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/10 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\drivers\iastor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2009/11/15 13:38:52 | 00,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Æ) -- C:\WINDOWS\System32\游Æ
    [2009/11/15 13:38:52 | 00,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Æ) -- C:\WINDOWS\System32\游Æ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    < End of report >
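The "< MD5 for: ... >" custom scan in the log above exists so the live copy of each driver or DLL under system32 can be compared with the untouched install copies OTL also lists (ServicePackFiles, the ERDNT cache); a system file that has been patched in place keeps its name and usually its size, so only the hash gives it away. The checker below is an added example written for this thread, not code from the forum or from OTL: it parses those blocks and flags a live copy whose MD5 matches none of the install copies, while deliberately ignoring the older $NtServicePackUninstall$ copy, whose different hash is expected. The ATAPI.SYS and IASTOR.SYS blocks are copied from the log above; the EXAMPLE.SYS block and its all-zero/all-one hashes are constructed to show what a mismatch looks like, and the directory classification (which paths count as "reference" and "live") is an assumption of this example.

```python
import re
from collections import defaultdict

# One OTL "MD5 for:" result line, e.g. (from the log above):
# [2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (.+?) >$")

# Assumption of this example: install copies the live file should match.
REFERENCE_DIRS = ("\\servicepackfiles\\", "\\erdnt\\cache\\")
# The pre-Service-Pack copy is an older build, so its hash legitimately differs
# and must not be used as a reference.
PRE_SP_DIRS = ("\\$ntservicepackuninstall$\\",)


def parse_md5_sections(text):
    """Return {FILENAME: [record, ...]} from the "< MD5 for: X >" blocks of an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections[current]  # register the section even if no line follows it
            continue
        if current is None:
            continue
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return dict(sections)


def is_reference(path):
    return any(d in path.lower() for d in REFERENCE_DIRS)


def is_live(path):
    p = path.lower()
    return "\\system32\\" in p and not is_reference(p) and not any(d in p for d in PRE_SP_DIRS)


def assess(sections):
    """Return {FILENAME: verdict}; verdict is "ok", "mismatch" or "unverified"."""
    verdicts = {}
    for name, recs in sections.items():
        live = [r for r in recs if is_live(r["path"])]
        refs = [r for r in recs if is_reference(r["path"])]
        if not live or not refs:
            # Nothing to compare against (e.g. only an OEM copy under C:\drivers).
            verdicts[name] = "unverified"
            continue
        ref_hashes = {r["md5"] for r in refs}
        mismatched = [r for r in live if r["md5"] not in ref_hashes]
        verdicts[name] = "mismatch" if mismatched else "ok"
    return verdicts


# Constructed sample: the first two blocks are copied from the log above, the
# EXAMPLE.SYS block and its placeholder hashes are made up for this example.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\drivers\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: IASTOR.SYS >
[2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\drivers\iastor.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\system32\drivers\example.sys
"""

if __name__ == "__main__":
    for name, verdict in assess(parse_md5_sections(SAMPLE_LOG)).items():
        print(f"{name}: {verdict}")
```

Run against a real Extras/OTL log by reading the file instead of SAMPLE_LOG. A "mismatch" verdict where the live and reference copies are the same size (as in the constructed EXAMPLE.SYS block) is the pattern worth a second look, because a clean update normally changes the size too; "unverified" only means the log carries no install copy to compare against.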
     
  11. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
    I got the Extra.txt to show up.

    OTL Extras logfile created on: 12/14/2009 7:47:28 PM - Run 2
    OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\HomeComputer\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 506.89 Mb Available Physical Memory | 52.88% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 6000 8192 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 92.32 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FAMILY
    Current User Name: HomeComputer
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
    .html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe "

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
    "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
    "{0CA14F11-6F47-4613-8E40-6AC088E464A0}" = Cisco Network Magic
    "{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
    "{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
    "{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
    "{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
    "{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
    "{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
    "{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
    "{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
    "{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
    "{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
    "{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
    "{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
    "{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
    "{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
    "{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
    "{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
    "{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
    "{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
    "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
    "{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
    "{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_7" = AIM 7
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AVG9Uninstall" = AVG 9.0
    "CCleaner" = CCleaner
    "CleanUp!" = CleanUp!
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "Network MagicUninstall" = Network Magic
    "Security Task Manager" = Security Task Manager 1.7h
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "TeamViewer 4" = TeamViewer 4
    "Time Stopper2.00" = Time Stopper
    "TuneUp Utilities" = TuneUp Utilities
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/3/2009 11:19:49 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application OneClick.exe, version 9.0.2020.1, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/3/2009 11:28:09 PM | Computer Name = FAMILY | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 12/3/2009 11:41:13 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000
    Description = Faulting application integrator.exe, version 9.0.2020.1, faulting
    module integrator.exe, version 9.0.2020.1, fault address 0x000345a2.

    Error - 12/3/2009 11:47:33 PM | Computer Name = FAMILY | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 12/4/2009 12:01:25 AM | Computer Name = FAMILY | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 12/4/2009 12:27:55 AM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/5/2009 11:24:37 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11306
    Description = Product: ParetoLogic Anti-Virus PLUS -- Error 1306.Another application
    has exclusive access to the file C:\Documents and Settings\All Users\Application
    Data\ParetoLogic Anti-Virus PLUS\6\Ignore.db. Please shut down all other applications,
    then click Retry.

    Error - 12/10/2009 11:28:38 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/14/2009 9:51:05 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.1.17.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/14/2009 9:51:06 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.1.17.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 11/15/2009 5:13:26 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/15/2009 8:15:24 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/15/2009 9:14:02 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/15/2009 11:55:40 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/16/2009 7:46:47 PM | Computer Name = FAMILY | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 192.168.0.103. The machine with the IP address 192.168.0.101 did
    not allow the name to be claimed by this machine.

    Error - 11/16/2009 7:56:32 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/16/2009 8:49:10 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/16/2009 9:04:13 PM | Computer Name = FAMILY | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    USER-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{166D1B2E-9F4E-4D50-9. The master browser is stopping or an election
    is being forced.

    Error - 11/18/2009 9:28:00 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Pure Networks Platform
    Service service to connect.

    Error - 11/18/2009 9:28:00 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
    Description = The Pure Networks Platform Service service failed to start due to
    the following error: %%1053


    < End of report >
     
  12. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - No CLSID value found.
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2009/12/13 15:27:08 | 00,000,000 | --SD | C] -- C:\3c786fgt5
      [2009/12/13 15:27:03 | 00,000,000 | ---D | C] -- C:\Qoobox
      [2009/12/04 22:13:32 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
      [2009/12/14 17:52:11 | 00,081,440 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
      [2009/12/14 17:51:47 | 02,317,088 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
      [2009/12/14 17:28:34 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HomeComputer\Local Settings\Application Data\prvlcl.dat
      [2009/12/13 20:09:32 | 00,031,724 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
      [2009/12/13 20:09:32 | 00,008,492 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
      [2009/12/04 15:57:22 | 00,237,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys.vir
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
    Last edited: 2009/12/14
  13. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
  14. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Skip both O16 entries and try again.
     
  15. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
  16. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. I'm not sure what's going on here.

    Open Windows Explorer. Make sure that hidden and system files view is enabled (Tools>Folder options>View tab).

    See if you can delete the following files and folders (if normal mode doesn't work, try safe mode):

    C:\3c786fgt5
    C:\Qoobox
    C:\WINDOWS\System32\drivers\fidbox2.dat
    C:\WINDOWS\System32\drivers\fidbox.dat
    C:\Documents and Settings\HomeComputer\Local Settings\Application Data\prvlcl.dat
    C:\WINDOWS\System32\drivers\fidbox.idx
    C:\WINDOWS\System32\drivers\fidbox2.idx
    C:\WINDOWS\System32\drivers\str.sys.vir
     
  17. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
    Okay, I deleted all except the fidboxes, because they couldn't be deleted; I even used KillBox. (Will it work in safe mode?)

    And are you sure you're supposed to delete 3c786fgt5? Because I looked at the properties and it looked important.
     
    Last edited: 2009/12/14
  18. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    3c786fgt5 is a renamed Combofix.

    I missed one file:
    C:\WINDOWS\System32\drivers\klif.sys
    I'm pretty sure you have to delete it in Safe Mode.
    After removing klif.sys, restart again in Safe Mode and try to remove fidbox files again.
     
  19. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You may need to do THIS first:

    Go Start>Run (Vista users - "Start search"), type in:
    cmd
    Click OK (Vista users - hold the CTRL and SHIFT keys, press Enter).

    Command Prompt window will open.
    Type in:
    sc stop KLIF
    Press Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete KLIF
    Press Enter.
    Wait for confirmation.

    Restart computer.
     
  20. 2009/12/14
    Hendrix

    Hendrix Inactive Thread Starter

    Joined:
    2009/12/12
    Messages:
    23
    Likes Received:
    0
    Deleted all of them! :D

    What logs do you need to make sure they're gone FOR GOOD?
     
  21. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OMG!
    I was going nuts....LOL

    Give me fresh HJT log.
     
