
Solved Possible Virus or malware infection

Discussion in 'Malware and Virus Removal Archive' started by jerry zarb, 2010/11/28.

  1. 2010/11/28
    jerry zarb (Well-Known Member, Thread Starter)
    [Resolved] Possible Virus or malware infection

    This was my original thread, which has resulted in the possibility of an infection. I have included all that has happened since then.
    For ease of reading, I will leave my questions, reports etc. in black text and use blue for the replies.

    The start.
    I have tried to restore my PC to an earlier time. It keeps telling me that it is unable to do a system restore. I read in a post here somewhere that I could go to safe mode and do it. WRONG! It still won't.
    Can anyone please help?

    Try following the advice in this guide.

    http://support.microsoft.com/default...b;EN-US;302796

    System Restore should work in safe mode, the service may be turned off or you have not created any restore points to go back to.

    If following the guide does not resolve the problem, as Arie has asked, please tell us what problems you are having that have prompted you to do a Restore. We will then do our best to help you using other methods.

    Thank you to Arie and markmadras.

    The reason I want to do a system restore is that I regularly download RAR video files. Up till last week I have never had trouble when I have tried to unrar the files. All worked well. From about a week ago every file I downloaded has come up with a "this file is corrupt" message and has not unrared properly. Others in the forum have not had the same problem and are downloading and unzipping properly.

    I got a friend of mine who lives locally to download and unrar one of the files to his PC and it worked fine. He brought it over on a USB stick and I could unrar it perfectly on my PC.

    When trying to analyse why my PC was giving me a problem I compared the two files by doing a right click and using the "properties" function.
    I found that the size of both files was identical (247MB (259,561,664 bytes)); however, the size on disk differed between them.
    Mine read 247MB (259,563,520 bytes), where his read 247MB (259,571,712 bytes).
    I was just wanting to restore the PC to a week back when I knew that everything had been working correctly. Does this give anyone any idea as to what I may be able to do to correct this problem?

    I believe you may have a virus or a malware infection, please follow the link below to have your PC checked for any infections.

    Please make sure you follow the instructions and do not miss anything or you may not receive the help you need.


    http://www.windowsbbs.com/malware-vi...uncements.html

    If it is an infection, system restore would probably not make any difference, you would need to perform a full format of the hard drive and a clean install of the OS.
    Thank you markmadras. Perhaps I should mention at this point that I have a home network of 2 desktop computers linked together via a service provider modem (using ADSL cabling ports and not wireless). I have already tried to download the same file through the other PC (that one is able to do system restore OK). I have the same problem. The file size is the same as using the troublesome PC. So I was thinking it may be a problem with rara.exe itself, so I removed it and then replaced it completely. It did not help. I was thinking perhaps I have a problem with the modem of my service provider not being able to download the file properly? Could this be so? I am completely at a loss to explain why this is happening.
    I will wait for your reply before attempting to use the malware area on here.

    OK, just for experimental purposes download this free RAR extractor and see what happens. If the result is the same, the only other thing I can think of is that something is corrupting the download of the RAR file, maybe your ISP, but I've not heard of that before. Is the RAR file from a torrent site?

    http://download.cnet.com/Free-RAR-Ex...-10804840.html

    I am suggesting a virus because I can't think of any other logical explanation for the problem you have.


    Firstly many thanks for all of your help. It is greatly appreciated.
    1 The free RAR extractor could not open the files either.
    2 My wife has a laptop (Vista O/S) which can be used via wireless through the same modem that the 2 desktops are cabled to. It downloaded and unrared the file OK.
    3 I have done all the steps that you suggested in "http://www.windowsbbs.com/malware-vi...uncements.html".
    The only problem was using the GMER .exe. It scanned OK, but when I clicked on "save" it froze
    and I had to reboot the PC by turning off the power to it (did this a lot). I even tried it under safe mode. The same problem.
    Any suggestions?
    The RAR files are not from a torrent site.


    That has convinced me even more that you have an infection. The link I gave for the Virus and Malware forum instructs you to open a new thread in that forum, which you need to do to get the help you require. There is an expert on that forum who will guide you through the scanning and cleaning process.


    Please open a thread in the Malware and Virus Removal forum explaining your problem. Post the logs you have, explain what didn't run.

    __________________
    Arie Slob,

    WindowsBBS Admin.



    Results of the scans which I was asked to carry out are as follows:-
    1 Windows firewall was ON
    2 CA Antivirus system check only found 1 infection...Java/SillyDL.HKG. This was quarantined.
    3 Temp File Cleaner downloaded and run.
    3 Step1. Malwarebytes downloaded and run. Log follows:-

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5202

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    28/11/2010 9:55:04 AM
    mbam-log-2010-11-28 (09-55-04).txt

    Scan type: Quick scan
    Objects scanned: 150622
    Time elapsed: 13 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 3
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_application (Hijacker.Application) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_xmllookup (Hijacker.XMLLookup) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    3 Step2. Downloaded GMER.
    Followed all instructions re disconnection from the internet and turning off virus monitoring systems. Scan started.
    HOWEVER!! When I clicked the save button the PC froze. I had to turn off the power supply in order to turn it off. I tried this 3 times (including safe mode). It kept freezing the PC, so I gave up trying.

    3 Step4. MBRCheck downloaded and run. Here is the log:-

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 137):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF798D000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF749A000 atapi.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF747A000 fltmgr.sys
    0xF7468000 sr.sys
    0xF7647000 Lbd.sys
    0xF7657000 PxHelp20.sys
    0xF7451000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7424000 NDIS.sys
    0xF740A000 Mup.sys
    0xBA740000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB975E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xB974A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9A59000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9726000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB9A51000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB95FE000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xB95DB000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF79D7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB9A49000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA730000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA7C4000 \SystemRoot\system32\DRIVERS\hpmmkbd.sys
    0xB9A41000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9A39000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA720000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA7C0000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB95C7000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA710000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA7BC000 \SystemRoot\system32\drivers\pfc.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9591000 \SystemRoot\system32\drivers\smwdm.sys
    0xB956D000 \SystemRoot\system32\drivers\portcls.sys
    0xF76A7000 \SystemRoot\system32\drivers\drmk.sys
    0xF7AB5000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB9849000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7923000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB94DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77AF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB943A000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xAF82C000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xAF824000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xAF718000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB5AF6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xAF81C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79AF000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xAF6BA000 \SystemRoot\system32\DRIVERS\update.sys
    0xB92D6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB49E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9BA0000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB9A69000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xAF517000 \SystemRoot\System32\Drivers\VETFDDNT.SYS
    0xB1458000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA6726000 \SystemRoot\System32\Drivers\VETEFILE.SYS
    0xAF4F3000 \SystemRoot\System32\Drivers\VET-REC.SYS
    0xF777F000 \SystemRoot\System32\Drivers\VET-FILT.SYS
    0xA66C4000 \SystemRoot\System32\Drivers\VETMONNT.SYS
    0xA66A5000 \SystemRoot\System32\Drivers\VETEBOOT.SYS
    0xA66EE000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB6C05000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF77E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA6481000 \SystemRoot\System32\Drivers\Null.SYS
    0xA653B000 \SystemRoot\system32\DRIVERS\lvuvcflt.sys
    0xF7991000 \SystemRoot\System32\Drivers\Beep.SYS
    0xAF8C9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF77DF000 \SystemRoot\System32\drivers\vga.sys
    0xF79E3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF77D7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF780F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA652F000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA652B000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA5593000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA553A000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA5521000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xA54FB000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB9829000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA54D3000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA52C9000 \SystemRoot\system32\DRIVERS\LVMVDrv.sys
    0xA52A7000 \SystemRoot\System32\drivers\afd.sys
    0xB9859000 \SystemRoot\system32\drivers\LVUSBSta.sys
    0xB9869000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA4F39000 \SystemRoot\system32\DRIVERS\lvuvc.sys
    0xF77EF000 \SystemRoot\System32\Drivers\StarOpen.SYS
    0xA4D65000 \SystemRoot\system32\DRIVERS\lvpopflt.sys
    0xA4D3A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB9839000 \SystemRoot\system32\drivers\usbaudio.sys
    0xA4CCA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA4AC8000 \SystemRoot\system32\DRIVERS\LVcKap.sys
    0xB6BD5000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAF804000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xA4A77000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xBA790000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA4A5F000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79F7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA7E0000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7787000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA6817000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF040000 \SystemRoot\System32\ialmdev5.DLL
    0xBF070000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB92EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA48AB000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA486E000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB9899000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA481E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF79A3000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA40C2000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAF8D1000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xA3B31000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA39D2000 \SystemRoot\system32\DRIVERS\e1000325.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    740 C:\WINDOWS\system32\smss.exe
    1080 csrss.exe
    1244 C:\WINDOWS\system32\winlogon.exe
    1400 C:\WINDOWS\system32\services.exe
    1480 C:\WINDOWS\system32\lsass.exe
    476 C:\WINDOWS\system32\svchost.exe
    1300 svchost.exe
    672 C:\WINDOWS\system32\svchost.exe
    1168 C:\Program Files\AVG\AVG8\avgrsx.exe
    1240 svchost.exe
    876 svchost.exe
    928 C:\WINDOWS\explorer.exe
    1460 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    492 C:\WINDOWS\system32\spoolsv.exe
    1560 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    1628 svchost.exe
    512 C:\WINDOWS\system32\agrsmsvc.exe
    1436 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
    1920 C:\WINDOWS\system32\hkcmd.exe
    1648 C:\WINDOWS\system32\igfxpers.exe
    980 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    252 C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe
    468 C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    1052 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
    1048 C:\WINDOWS\system32\HPMMKBD.EXE
    1176 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    1720 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    1072 C:\Program Files\Logitech\QuickCam\Quickcam.exe
    768 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1760 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    424 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    1724 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    2480 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    4052 C:\Program Files\Java\jre6\bin\jqs.exe
    1696 C:\Program Files\Real\RealPlayer\Update\realsched.exe
    2072 C:\WINDOWS\system32\ctfmon.exe
    2568 C:\Program Files\Messenger\msmsgs.exe
    3452 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    764 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    1764 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    2984 C:\WINDOWS\system32\svchost.exe
    3432 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
    3956 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2620 C:\WINDOWS\system32\wuauclt.exe
    3840 unsecapp.exe
    3760 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    1908 wmiprvse.exe
    1728 C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    2468 wmiprvse.exe
    2644 alg.exe
    3596 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    2744 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3160215A, Rev: 3.AAD

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!


    3 Step4. DDS downloaded and run. Here are the logs:-


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22/05/2009 11:23:11 AM
    System Uptime: 28/11/2010 11:19:27 AM (0 hours ago)

    Motherboard: IBM | | IBM
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | WMT478/NWD | 2793/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 54.218 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP370: 30/08/2010 10:55:04 PM - System Checkpoint
    RP371: 31/08/2010 12:45:14 PM - sound is ok
    RP372: 1/09/2010 7:48:56 AM - translate
    RP373: 1/09/2010 1:43:54 PM - Installed COWON Media Center - jetAudio Basic VX
    RP374: 2/09/2010 2:18:10 PM - System Checkpoint
    RP375: 3/09/2010 2:45:03 PM - System Checkpoint
    RP376: 4/09/2010 3:37:48 PM - System Checkpoint
    RP377: 5/09/2010 11:08:53 AM - Software Distribution Service 3.0
    RP378: 6/09/2010 11:14:32 AM - System Checkpoint
    RP379: 7/09/2010 11:32:01 AM - System Checkpoint
    RP380: 8/09/2010 3:32:59 PM - System Checkpoint
    RP381: 9/09/2010 4:21:09 PM - System Checkpoint
    RP382: 10/09/2010 5:29:30 PM - System Checkpoint
    RP383: 11/09/2010 6:55:22 PM - System Checkpoint
    RP384: 12/09/2010 6:56:36 PM - System Checkpoint
    RP385: 13/09/2010 8:13:02 PM - System Checkpoint
    RP386: 14/09/2010 8:32:36 PM - System Checkpoint
    RP387: 15/09/2010 9:33:43 PM - Software Distribution Service 3.0
    RP388: 16/09/2010 10:50:12 PM - System Checkpoint
    RP389: 18/09/2010 7:19:37 AM - System Checkpoint
    RP390: 19/09/2010 12:22:20 PM - System Checkpoint
    RP391: 20/09/2010 4:12:55 PM - System Checkpoint
    RP392: 21/09/2010 6:07:01 PM - System Checkpoint
    RP393: 23/09/2010 8:01:27 AM - System Checkpoint
    RP394: 24/09/2010 8:11:12 AM - System Checkpoint
    RP395: 25/09/2010 10:10:25 AM - System Checkpoint
    RP396: 26/09/2010 10:15:58 AM - System Checkpoint
    RP397: 27/09/2010 11:09:55 AM - System Checkpoint
    RP398: 27/09/2010 9:41:21 PM - AOK 270910
    RP399: 27/09/2010 10:50:54 PM - Restore Operation
    RP400: 29/09/2010 7:42:44 AM - Software Distribution Service 3.0
    RP401: 30/09/2010 8:12:56 AM - System Checkpoint
    RP402: 30/09/2010 6:41:12 PM - Installed Suite
    RP403: 1/10/2010 9:14:14 PM - System Checkpoint
    RP404: 3/10/2010 9:12:12 AM - System Checkpoint
    RP405: 4/10/2010 5:49:56 PM - System Checkpoint
    RP406: 5/10/2010 6:23:46 PM - System Checkpoint
    RP407: 6/10/2010 2:46:07 PM - Software Distribution Service 3.0
    RP408: 7/10/2010 5:01:27 PM - System Checkpoint
    RP409: 8/10/2010 5:26:52 PM - System Checkpoint
    RP410: 9/10/2010 5:36:12 PM - System Checkpoint
    RP411: 10/10/2010 5:53:01 PM - System Checkpoint
    RP412: 11/10/2010 8:07:44 PM - System Checkpoint
    RP413: 12/10/2010 8:14:53 PM - System Checkpoint
    RP414: 13/10/2010 6:04:35 AM - Software Distribution Service 3.0
    RP415: 14/10/2010 8:06:34 AM - System Checkpoint
    RP416: 26/10/2010 6:25:20 PM - Removed Princess Countdown Connection™
    RP417: 27/10/2010 7:04:25 PM - System Checkpoint
    RP418: 29/10/2010 7:48:57 AM - System Checkpoint
    RP419: 30/10/2010 9:21:38 AM - System Checkpoint
    RP420: 31/10/2010 2:27:36 PM - System Checkpoint
    RP421: 1/11/2010 1:55:33 PM - Configured COWON Media Center - jetAudio Basic VX
    RP422: 2/11/2010 3:56:59 PM - System Checkpoint
    RP423: 3/11/2010 5:06:16 PM - System Checkpoint
    RP424: 4/11/2010 6:23:04 PM - System Checkpoint
    RP425: 6/11/2010 5:42:54 PM - System Checkpoint
    RP426: 7/11/2010 6:20:22 PM - System Checkpoint
    RP427: 8/11/2010 6:37:00 PM - System Checkpoint
    RP428: 9/11/2010 8:02:40 PM - System Checkpoint
    RP429: 10/11/2010 2:42:04 PM - Installed Java(TM) 6 Update 22
    RP430: 11/11/2010 6:34:33 AM - Software Distribution Service 3.0
    RP431: 12/11/2010 12:10:16 PM - System Checkpoint
    RP432: 14/11/2010 9:04:33 AM - System Checkpoint
    RP433: 15/11/2010 9:33:55 AM - System Checkpoint
    RP434: 16/11/2010 1:02:54 PM - System Checkpoint
    RP435: 16/11/2010 4:12:35 PM - H
    RP436: 16/11/2010 7:03:21 PM - Installed NTI Shadow
    RP437: 16/11/2010 7:07:41 PM - Removed NTI Shadow
    RP438: 17/11/2010 8:30:43 PM - System Checkpoint
    RP439: 19/11/2010 6:02:43 AM - System Checkpoint
    RP440: 20/11/2010 8:13:51 AM - System Checkpoint
    RP441: 21/11/2010 10:03:32 AM - System Checkpoint
    RP442: 22/11/2010 12:22:59 PM - System Checkpoint
    RP443: 23/11/2010 5:02:26 PM - System Checkpoint
    RP444: 24/11/2010 5:41:05 PM - System Checkpoint
    RP445: 25/11/2010 8:46:31 PM - System Checkpoint
    RP446: 26/11/2010 9:01:26 PM - System Checkpoint
    RP447: 27/11/2010 10:03:07 PM - Restore Operation
    RP448: 27/11/2010 10:16:02 PM - Restore Operation
    RP449: 27/11/2010 10:23:11 PM - Restore Operation
    RP450: 27/11/2010 10:42:55 PM - Restore Operation
    RP451: 27/11/2010 10:53:36 PM - Restore Operation
    RP452: 28/11/2010 5:28:16 AM - Restore Operation
    RP453: 28/11/2010 6:54:49 AM - Restore Operation

    ==== Installed Programs ======================


    ACDSee for PENTAX 2.0
    Acrobat.com
    Ad-Aware
    Adobe Acrobat Reader 3.01
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Agere Systems PCI-SV92PP Soft Modem
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    µTorrent
    BigPond Broadband ADSL
    Boilsoft Video Converter 2.77
    Boilsoft Video Joiner 5.01
    Boilsoft Video Joiner 6.21
    CA Anti-Virus
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP270 series MP Drivers
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Combined Community Codec Pack 2008-09-21 16:18
    Compatibility Pack for the 2007 Office system
    COWON Media Center - jetAudio Basic VX
    CyberLink LabelPrint
    CyberLink Power2Go
    DivX Setup
    DVD Flick 1.3.0.7
    Express Burn
    ffdshow v1.1.3402 [2010-05-04]
    Final Media Player 2010
    Foxtel Download Manager 4.1.500.11
    FOXTEL Download Player
    Foxtel TV Guide
    Free Video Joiner 1.1
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Hewlett-Packard Extended Keyboard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    i-menu 1.0
    Image Resizer Powertoy for Windows XP
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Java Auto Updater
    Java(TM) 6 Update 22
    JDownloader
    Korean Fonts Support For Adobe Reader 9
    LightScribe System Software 1.14.17.1
    Logitech QuickCam
    Logitech Vid
    Logitech® Camera Driver
    MailWasher Free
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Calculator Plus
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 4.0
    Microsoft Office Standard Edition 2003
    Microsoft Picture It! Photo Standard 7.0
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIRC
    MKV Player 1.0
    MSN
    MSN Recorder Max
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MVision
    myDownloader 1.3
    NCH Toolbox
    Nero 7 Essentials
    neroxml
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.2
    PowerProducer
    Primo
    Prism Video Converter
    QuickTime
    RapidShare Manager
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Runtime
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Samsung PC Studio 3 USB Driver Installer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Sony Picture Utility
    Sony USB Driver
    SoundMAX
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VivoOffline
    VivoStatic 3
    VLC media player 1.1.4
    WebFldrs XP
    Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
    Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
    Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
    Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo!7 Toolbar

    ==== Event Viewer Messages From Past Week ========

    28/11/2010 9:59:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    28/11/2010 9:24:40 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:40 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:40 AM, error: Service Control Manager [7034] - The CaCCProvSP service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:39 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:39 AM, error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:39 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:39 AM, error: Service Control Manager [7034] - The Foxtel Download Manager service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:39 AM, error: Service Control Manager [7034] - The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:39 AM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
    28/11/2010 9:24:39 AM, error: Service Control Manager [7031] - The VET Message Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/11/2010 9:24:39 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    28/11/2010 9:24:39 AM, error: Service Control Manager [7031] - The CAISafe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/11/2010 11:00:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    28/11/2010 10:08:42 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    28/11/2010 10:05:20 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    27/11/2010 10:47:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    27/11/2010 10:47:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip VET-FILT VET-REC VETEFILE VETMONNT
    27/11/2010 10:47:03 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    27/11/2010 10:47:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    27/11/2010 10:47:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    27/11/2010 10:47:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    27/11/2010 10:38:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    27/11/2010 10:38:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    27/11/2010 10:38:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm StarOpen VET-FILT VET-REC VETEFILE VETMONNT
    26/11/2010 6:24:23 AM, error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
    26/11/2010 6:24:23 AM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
    22/11/2010 5:46:18 PM, error: Print [6161] - The document Microsoft Word - Document2 owned by Administrator failed to print on printer Canon MP270 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 27508. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\WORKVENT-176607. Win32 error code returned by the print processor: 13 (0xd).

    ==== End Of File ===========================



    DDS (Ver_10-11-27.01) - NTFSx86
    Run by Administrator at 11:27:14.21 on Sun 28/11/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2039.1389 [GMT 11:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG8\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\WINDOWS\system32\HpMmKbd.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bigpond.com/
    uSearch Page =
    uSearch Bar =
    mSearchAssistant =
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe "
    mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe "
    mRun: [HpMmKbd] HpMmKbd.exe
    mRun: [POINTER] point32.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe "
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe "
    mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [RunNarrator] Narrator.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: c:\windows\system32\VetRedir.dll
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-22 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-22 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-22 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-22 108552]
    R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-11-17 26352]
    R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-11-17 21104]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-11-17 746216]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-11-17 21488]
    R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-11-17 161008]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-11-17 144696]
    R2 Foxtel;Foxtel Download Manager;c:\program files\foxtel\download player\download control\dcbin\DCService.exe [2009-9-25 70144]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1375992]
    R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-11-17 255312]
    R3 hpmmkbd;HP Extended Keyboard;c:\windows\system32\drivers\HPMMKBD.SYS [2009-11-15 15924]
    R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-11-17 130280]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-22 908056]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-22 297752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-23 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15264]
    S3 SRS_WOWHD_DivX_Service;WOW HD DivX Edition;c:\windows\system32\drivers\SRS_DivX_i386.sys [2009-12-17 246000]

    =============== Created Last 30 ================

    2010-11-27 22:38:52 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-11-27 22:38:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-27 22:38:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-27 22:38:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-27 22:38:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-27 19:52:59 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Help
    2010-11-20 23:32:54 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Showtime
    2010-11-18 11:04:47 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Real
    2010-11-18 11:03:57 -------- d-----w- c:\program files\common files\xing shared
    2010-11-15 05:24:36 -------- d-----w- c:\program files\myDownloader
    2010-11-06 00:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 01:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-14 17:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-14 15:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 11:30:28.06 ===============


    Thank you in advance for your suggestions.
     
  2. 2010/11/28
    broni Moderator Malware Analyst
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    You're running two AV programs, AVG and CA Security.
    One of them has to go.
    If AVG, make sure to use this tool to remove it: http://www.avg.com/us-en/download-tools

    =============================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
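As an added example (not part of this thread, and not code from DDS, AVG or the forum), here is a small Python triage script for the two things broni's reply pulls out of the DDS log: the `AV:` header lines, which show how many products have on-access scanning switched on, and the Service Control Manager 7026 "failed to load" events, cross-referenced against the SERVICES / DRIVERS table so you can see which security filter drivers were among the ones that did not start. The sample lines embedded in it are copied from the log posted above (cut down to what the checks need); the function names and regular expressions are my own.

```python
import re

# Constructed sample: lines copied from the DDS log posted above, cut down to
# the parts these checks need (the AV: header and the SERVICES / DRIVERS table).
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-22 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-22 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-22 108552]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-11-17 26352]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-11-17 161008]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1375992]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-22 297752]
"""

# Constructed sample: the two Service Control Manager 7026 events from the
# "Event Viewer Messages" section of the same log.
SAMPLE_EVENTS = r"""
27/11/2010 10:47:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip VET-FILT VET-REC VETEFILE VETMONNT
27/11/2010 10:38:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm StarOpen VET-FILT VET-REC VETEFILE VETMONNT
"""

# "AV: <product> *<state>* (<signature state>) {<CLSID>}"
AV_RE = re.compile(
    r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\* \((?P<sig>\w+)\) \{(?P<clsid>[0-9A-Fa-f-]+)\}$"
)
# "R1 <service name>;<description>;<image path> [<date> <size>]"
DRV_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$"
)
# SCM event 7026 carries a space-separated list of driver names that did not load.
FAILED_RE = re.compile(
    r"\[7026\] - The following boot-start or system-start driver\(s\) failed to load: (?P<names>.+)$"
)


def parse_av_products(dds_text):
    """Return [(product name, on-access scanning enabled?)] from the AV: header lines."""
    products = []
    for line in dds_text.splitlines():
        m = AV_RE.match(line.strip())
        if m:
            products.append((m["name"], m["state"] == "On-access scanning enabled"))
    return products


def realtime_scanner_conflict(dds_text):
    """Names of products with on-access scanning on; more than one is the conflict
    broni flags (two real-time scanners hooking the same file-system events)."""
    return [name for name, on_access in parse_av_products(dds_text) if on_access]


def parse_drivers(dds_text):
    """Map service/driver name -> {start, desc, path} from the R*/S* table lines."""
    drivers = {}
    for line in dds_text.splitlines():
        m = DRV_RE.match(line.strip())
        if m:
            drivers[m["name"]] = {"start": m["start"], "desc": m["desc"], "path": m["path"]}
    return drivers


def parse_failed_boot_drivers(event_text):
    """Union of the driver names listed in every SCM 7026 event in the log."""
    failed = set()
    for line in event_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed.update(m["names"].split())
    return failed


def failed_security_drivers(dds_text, event_text):
    """Drivers that appear in the DDS driver table AND in a 7026 failed-to-load
    event, as {name: description}. Core OS drivers such as Tcpip are not in the
    DDS table, so only the third-party (here AVG / CA VET) drivers survive."""
    drivers = parse_drivers(dds_text)
    failed = parse_failed_boot_drivers(event_text)
    return {name: drivers[name]["desc"] for name in sorted(failed) if name in drivers}


if __name__ == "__main__":
    print("On-access scanners:", realtime_scanner_conflict(SAMPLE_DDS))
    for name, desc in failed_security_drivers(SAMPLE_DDS, SAMPLE_EVENTS).items():
        print(f"failed to load at boot: {name} ({desc})")
```

Run it against the sample and it lists three products with on-access scanning enabled (AVG, Ad-Watch and CA) and four AVG/VET filter drivers that were among those reported as failing to load; with a full DDS log pasted into the two sample strings the same functions work unchanged, since they only key on the `AV:`, `R*`/`S*` and `[7026]` line shapes.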
     

  4. 2010/11/28
    jerry zarb Well-Known Member Thread Starter
    I have run the AVG remover, but I am not sure if it worked. It still shows a folder titled AVG8, full of files, in the Program Files folder of the C drive.
    Here is the log:

    2010-11-28 21:12:05,250 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
    2010-11-28 21:12:05,296 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
    2010-11-28 21:12:05,296 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:programFilesDir (x86) value failed (error: e001003d)
    2010-11-28 21:12:05,296 INFO Command line: "C:\Documents and Settings\Administrator\Desktop\avg_remover_stf_x86_2011_1165.exe"
    2010-11-28 21:12:05,296 WARN AvgDir param empty.
    2010-11-28 21:12:05,296 WARN AvgAdminDir param empty.
    2010-11-28 21:12:05,296 WARN AvgDataDir param empty.
    2010-11-28 21:12:12,984 INFO AvgRemover runs in attempt number 1
    2010-11-28 21:12:12,984 INFO ***** Msi data *****
    2010-11-28 21:12:13,000 DEBUG No product code found for our upgrade codes, nothing to do here
    2010-11-28 21:12:13,000 INFO ***** Exchange&Outlook plugins data *****
    2010-11-28 21:12:13,000 INFO Removing AvgOutlook addin
    2010-11-28 21:12:13,000 INFO AvgOutlook Removing HKCR addin keys x86
    2010-11-28 21:12:13,000 INFO Removing Sharepoint plugin if exists
    2010-11-28 21:12:13,000 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
    2010-11-28 21:12:13,000 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
    2010-11-28 21:12:13,000 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
    2010-11-28 21:12:13,000 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
    2010-11-28 21:12:13,000 INFO ***** Services *****
    2010-11-28 21:12:13,000 INFO Processing service avg8emc, it can take several minutes...
    2010-11-28 21:12:13,000 INFO Processing service avgfws8, it can take several minutes...
    2010-11-28 21:12:13,000 INFO Processing service AvgWFPx, it can take several minutes...
    2010-11-28 21:12:13,000 INFO Service avgfws8 is not installed
    2010-11-28 21:12:13,000 INFO Service AvgWFPx is not installed
    2010-11-28 21:12:13,000 INFO Processing service avg9wd, it can take several minutes...
    2010-11-28 21:12:13,000 INFO Processing service AvgMfx64, it can take several minutes...
    2010-11-28 21:12:13,000 DEBUG Service avgfws8 RegCleanup
    2010-11-28 21:12:13,015 INFO Processing service avg8wd, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AvgLdx64, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Service avg9wd is not installed
    2010-11-28 21:12:13,015 DEBUG Service AvgWFPx RegCleanup
    2010-11-28 21:12:13,015 INFO Processing service AvgTdiA, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Service avg8emc is not running
    2010-11-28 21:12:13,015 DEBUG Registry keys for service avgfws8 are not present
    2010-11-28 21:12:13,015 INFO Service AvgMfx64 is not installed
    2010-11-28 21:12:13,015 INFO Processing service AvgWFPa, it can take several minutes...
    2010-11-28 21:12:13,015 DEBUG Service avg8wd BeforeStop
    2010-11-28 21:12:13,015 INFO Processing service AvgRkx64, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Service AvgLdx64 is not installed
    2010-11-28 21:12:13,015 INFO Processing service avgfws9, it can take several minutes...
    2010-11-28 21:12:13,015 DEBUG Registry keys for service AvgWFPx are not present
    2010-11-28 21:12:13,015 INFO Processing service AVGIDSAgent, it can take several minutes...
    2010-11-28 21:12:13,015 DEBUG Service avg9wd RegCleanup
    2010-11-28 21:12:13,015 INFO Service AvgTdiA is not installed
    2010-11-28 21:12:13,015 INFO Processing service AVGIDSFilterxpx, it can take several minutes...
    2010-11-28 21:12:13,015 DEBUG Service avg8emc Delete
    2010-11-28 21:12:13,015 INFO Processing service AvgLdx86, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AVGIDSDriverxpx, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AVGIDSShimxpx, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service avgfws, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service avg9emc, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AvgRkx86, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AvgTdiX, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AvgMfx86, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AVGIDSFiltervtx, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AVGIDSFiltervta, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AVGIDSShimw7x, it can take several minutes...
    2010-11-28 21:12:13,015 INFO Processing service AVGIDSDriverw7x, it can take several minutes...
    2010-11-28 21:12:13,015 DEBUG Service AvgMfx64 RegCleanup
    2010-11-28 21:12:13,031 INFO Processing service AVGIDSDriverw7a, it can take several minutes...
    2010-11-28 21:12:13,031 INFO Processing service AVGIDSErHrvtx, it can take several minutes...
    2010-11-28 21:12:13,031 INFO Processing service AVGIDSErHrw7x, it can take several minutes...
    2010-11-28 21:12:13,031 INFO Service AvgWFPa is not installed
    2010-11-28 21:12:13,031 INFO Service AvgRkx64 is not installed
    2010-11-28 21:12:13,031 INFO Processing service avgwd, it can take several minutes...
    2010-11-28 21:12:13,031 DEBUG Service AvgLdx64 RegCleanup
    2010-11-28 21:12:13,031 INFO Processing service AVGIDSShimvtx, it can take several minutes...
    2010-11-28 21:12:13,031 INFO Service avgfws9 is not installed
    2010-11-28 21:12:13,031 DEBUG Registry keys for service avg9wd are not present
    2010-11-28 21:12:13,031 INFO Processing service AVGIDSDrivervta, it can take several minutes...
    2010-11-28 21:12:13,031 INFO Processing service AVGIDSDrivervtx, it can take several minutes...

    Should I delete that folder ?
    I am about to run TDSS Killer and will send log soon
     
  5. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can safely delete that folder.
    We'll check for any other leftovers during our cleaning process.
     
  6. 2010/11/28
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    I was unable to delete it. The usual "Access is denied" type window appeared...

    Log of scan here:-

    2010/11/29 09:05:42.0578 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
    2010/11/29 09:05:42.0578 ================================================================================
    2010/11/29 09:05:42.0578 SystemInfo:
    2010/11/29 09:05:42.0578
    2010/11/29 09:05:42.0578 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/29 09:05:42.0593 Product type: Workstation
    2010/11/29 09:05:42.0593 ComputerName: WORKVENT-176607
    2010/11/29 09:05:42.0593 UserName: Administrator
    2010/11/29 09:05:42.0593 Windows directory: C:\WINDOWS
    2010/11/29 09:05:42.0593 System windows directory: C:\WINDOWS
    2010/11/29 09:05:42.0593 Processor architecture: Intel x86
    2010/11/29 09:05:42.0593 Number of processors: 2
    2010/11/29 09:05:42.0593 Page size: 0x1000
    2010/11/29 09:05:42.0593 Boot type: Normal boot
    2010/11/29 09:05:42.0593 ================================================================================
    2010/11/29 09:05:42.0921 Initialize success
    2010/11/29 09:05:50.0984 ================================================================================
    2010/11/29 09:05:50.0984 Scan started
    2010/11/29 09:05:50.0984 Mode: Manual;
    2010/11/29 09:05:50.0984 ================================================================================
    2010/11/29 09:05:52.0312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/29 09:05:52.0671 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/29 09:05:53.0296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/29 09:05:53.0625 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/29 09:05:54.0468 AgereSoftModem (e5b5398bbe91406ab5476d20e2833a31) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    2010/11/29 09:05:57.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/29 09:05:57.0640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/29 09:05:58.0203 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/29 09:05:58.0546 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/29 09:05:58.0906 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    2010/11/29 09:05:59.0250 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/29 09:05:59.0578 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/29 09:05:59.0859 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/11/29 09:06:00.0468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/29 09:06:00.0812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/29 09:06:01.0140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/29 09:06:02.0921 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/29 09:06:03.0484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/29 09:06:04.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/29 09:06:04.0500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/29 09:06:04.0843 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/29 09:06:05.0437 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/29 09:06:05.0812 E1000 (4beb6f44b0dc94af9fb20e97ab7ad47c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
    2010/11/29 09:06:06.0234 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/29 09:06:06.0625 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/29 09:06:06.0968 FilterService (ed6c44547540e7892a1c34fd4bd35a53) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    2010/11/29 09:06:07.0296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/29 09:06:07.0625 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/11/29 09:06:08.0000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/11/29 09:06:08.0406 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/29 09:06:08.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/29 09:06:09.0062 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/29 09:06:09.0390 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/29 09:06:09.0718 hpmmkbd (986128df235b8cb6df97766d375e4a26) C:\WINDOWS\system32\DRIVERS\hpmmkbd.sys
    2010/11/29 09:06:10.0359 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/29 09:06:11.0203 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/29 09:06:11.0781 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2010/11/29 09:06:12.0406 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/29 09:06:13.0000 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/11/29 09:06:13.0281 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/29 09:06:13.0578 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/11/29 09:06:13.0906 IPFilter (d0b3dee109af605885c46a59bfc24cd2) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
    2010/11/29 09:06:14.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/29 09:06:14.0609 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/29 09:06:14.0984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/29 09:06:15.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/29 09:06:15.0640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/29 09:06:15.0984 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/29 09:06:16.0328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/29 09:06:16.0671 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/11/29 09:06:17.0046 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/29 09:06:17.0390 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/29 09:06:17.0609 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2010/11/29 09:06:17.0968 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    2010/11/29 09:06:19.0187 Lvckap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
    2010/11/29 09:06:20.0140 lvmvdrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
    2010/11/29 09:06:21.0015 lvpopflt (92990b040b68632cc3f80a742d163937) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    2010/11/29 09:06:21.0343 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    2010/11/29 09:06:21.0687 LVPrcMon (0354c6a753360ca5e1fe1eba81cb1a35) C:\WINDOWS\system32\drivers\LVPrcMon.sys
    2010/11/29 09:06:22.0093 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2010/11/29 09:06:23.0453 LVUVC (b0dfee7da5e6d04762e25e355d94d8b5) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    2010/11/29 09:06:23.0812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/29 09:06:24.0109 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/29 09:06:24.0375 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/11/29 09:06:24.0734 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/29 09:06:25.0078 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/29 09:06:25.0421 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/29 09:06:26.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/29 09:06:26.0531 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/29 09:06:26.0859 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/29 09:06:27.0187 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/29 09:06:27.0500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/29 09:06:27.0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/29 09:06:28.0171 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/29 09:06:28.0484 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/11/29 09:06:28.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/29 09:06:29.0218 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/11/29 09:06:29.0640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/29 09:06:30.0031 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/11/29 09:06:30.0343 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/29 09:06:30.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/29 09:06:31.0062 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/29 09:06:31.0375 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/29 09:06:31.0656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/29 09:06:32.0031 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/29 09:06:32.0390 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/29 09:06:32.0875 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/29 09:06:33.0453 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/29 09:06:33.0781 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/29 09:06:34.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/29 09:06:34.0453 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/29 09:06:34.0812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/29 09:06:35.0156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/29 09:06:35.0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/29 09:06:36.0062 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/29 09:06:36.0437 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/29 09:06:38.0406 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys
    2010/11/29 09:06:38.0781 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/29 09:06:39.0156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/29 09:06:39.0500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/29 09:06:39.0796 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/11/29 09:06:41.0500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/29 09:06:41.0859 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/29 09:06:42.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/29 09:06:42.0546 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/29 09:06:42.0921 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/29 09:06:43.0265 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/29 09:06:43.0656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/29 09:06:44.0093 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/29 09:06:44.0484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/29 09:06:44.0875 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/29 09:06:45.0234 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/29 09:06:45.0578 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/29 09:06:45.0953 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/29 09:06:46.0546 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/11/29 09:06:47.0234 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/11/29 09:06:47.0625 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    2010/11/29 09:06:48.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/29 09:06:48.0562 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/29 09:06:49.0000 SRS_WOWHD_DivX_Service (10878ecf68d2806bebf87d1b087cff57) C:\WINDOWS\system32\drivers\SRS_DivX_i386.sys
    2010/11/29 09:06:49.0531 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/29 09:06:49.0875 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    2010/11/29 09:06:50.0218 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    2010/11/29 09:06:50.0562 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
    2010/11/29 09:06:50.0953 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
    2010/11/29 09:06:51.0281 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/11/29 09:06:51.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/29 09:06:51.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/29 09:06:53.0375 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/29 09:06:53.0859 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/29 09:06:54.0156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/29 09:06:54.0484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/29 09:06:54.0828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/29 09:06:55.0437 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/29 09:06:56.0140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/29 09:06:56.0625 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/11/29 09:06:56.0953 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/29 09:06:57.0296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/29 09:06:57.0640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/29 09:06:57.0984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/11/29 09:06:58.0359 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/29 09:06:58.0718 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/29 09:06:59.0125 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/29 09:06:59.0546 VET-FILT (e6287f6c77e71adfc6badb106cd30e7d) C:\WINDOWS\system32\drivers\VET-FILT.sys
    2010/11/29 09:06:59.0843 VET-REC (cb98d6c1ade8a891cbbfd9beb1774f48) C:\WINDOWS\system32\drivers\VET-REC.sys
    2010/11/29 09:07:00.0156 VETEBOOT (c079f80582c31728029f3efcdfeaf221) C:\WINDOWS\system32\drivers\VETEBOOT.sys
    2010/11/29 09:07:00.0703 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys
    2010/11/29 09:07:01.0062 VETFDDNT (05bdabe6664f48c54a6d3c538c8f2cc1) C:\WINDOWS\system32\drivers\VETFDDNT.sys
    2010/11/29 09:07:01.0437 VETMONNT (f5897ff7eb733670f92e798ef5358b88) C:\WINDOWS\system32\drivers\VETMONNT.sys
    2010/11/29 09:07:01.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/29 09:07:02.0375 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/29 09:07:02.0750 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/29 09:07:03.0390 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/29 09:07:03.0796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/11/29 09:07:04.0125 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/29 09:07:04.0500 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/29 09:07:04.0796 ================================================================================
    2010/11/29 09:07:04.0796 Scan finished
    2010/11/29 09:07:04.0796 ================================================================================
     
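    Added example (my own code, not part of the thread and not TDSSKiller's own code): a small Python parser for the driver lines in the TDSSKiller log above. Each driver line has the shape `<date> <time> <service name> (<md5>) <path>`; parsing it lets a reviewer answer the usual triage questions quickly, such as how many drivers were enumerated, which ones load from outside the Windows directory (third-party security products like Ad-Aware's KernExplorer.sys legitimately do, so that list is for review, not a verdict), and whether one file is registered under more than one service name. The regex, `DriverEntry`, and the helper names are assumptions made for this example; the sample lines are copied from the log in the post above.

```python
"""Parser and triage helpers for TDSSKiller driver lines (added example)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical pattern written for the log format shown in the thread:
#   <yyyy/mm/dd> <hh:mm:ss.ffff> <service name> (<32 hex md5>) <path>
# Banner and status lines ("Scan started", "Mode: Manual;") do not match it.
_DRIVER_LINE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_tdsskiller(text: str) -> list[DriverEntry]:
    """Return one DriverEntry per driver line; all other lines are skipped."""
    entries: list[DriverEntry] = []
    for line in text.splitlines():
        m = _DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def outside_windows_dir(entries: list[DriverEntry],
                        windir: str = r"C:\WINDOWS") -> list[DriverEntry]:
    """Drivers whose image is not under the Windows directory (case-insensitive).

    This is a review list: legitimate security products install kernel
    drivers under Program Files, but anything unexpected here deserves a look.
    """
    prefix = windir.lower().rstrip("\\") + "\\"
    return [e for e in entries if not e.path.lower().startswith(prefix)]


def duplicate_hashes(entries: list[DriverEntry]) -> dict[str, list[str]]:
    """Map md5 -> service names for every hash registered under more than one name."""
    by_hash: dict[str, list[str]] = defaultdict(list)
    for e in entries:
        by_hash[e.md5].append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


# Sample input: driver lines copied from the TDSSKiller log in the post above,
# bracketed by the banner lines the parser must ignore.
SAMPLE_LOG = """\
2010/11/29 09:05:50.0984 Scan started
2010/11/29 09:05:50.0984 Mode: Manual;
2010/11/29 09:05:52.0312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/11/29 09:05:58.0906 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\\WINDOWS\\System32\\Drivers\\avgmfx86.sys
2010/11/29 09:06:17.0609 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\\Program Files\\Lavasoft\\Ad-Aware\\KernExplorer.sys
2010/11/29 09:06:53.0859 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
2010/11/29 09:07:04.0796 Scan finished
"""

if __name__ == "__main__":
    drivers = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(drivers)} drivers parsed")
    for d in outside_windows_dir(drivers):
        print(f"outside Windows dir: {d.name} -> {d.path}")
    for h, names in duplicate_hashes(drivers).items():
        print(f"hash {h} shared by: {', '.join(names)}")
```

    Run against the full log from the post, the same helpers give a complete driver inventory with hashes that can be compared against a known-good build of the same Windows version; the only driver the sample flags is the Ad-Aware kernel explorer, which is expected on this machine.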
  7. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, Rkill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/11/28
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    ComboFix has been run. It would not run until I removed my CA Antivirus. It found that AVG was still active but still ran (at my own risk). Here is the log:-
    ComboFix 10-11-28.01 - Administrator 29/11/2010 10:48:52.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2039.1640 [GMT 11:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    G:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 )))))))))))))))))))))))))))))))
    .

    2010-11-28 01:04 . 2010-11-28 01:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Philipp Winterberg
    2010-11-27 22:38 . 2010-11-27 22:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-27 22:38 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-27 22:38 . 2010-11-27 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-27 22:38 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-27 22:38 . 2010-11-27 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-27 19:52 . 2010-11-27 19:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
    2010-11-20 23:32 . 2010-11-20 23:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Showtime
    2010-11-18 11:04 . 2010-11-18 11:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Real
    2010-11-18 11:03 . 2010-11-18 11:03 -------- d-----w- c:\program files\Common Files\xing shared
    2010-11-15 05:24 . 2010-11-15 05:24 -------- d-----w- c:\program files\myDownloader
    2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 08:13 . 2009-11-27 17:23 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 01:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-14 17:50 . 2010-05-04 00:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-14 15:29 . 2010-01-16 03:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-10-27 1196936]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-10-27 02:48 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-10-27 1196936]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-10-27 1196936]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-28 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-24 928496]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
    "HpMmKbd"="HpMmKbd.exe" [2002-02-08 147456]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
    "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-18 274608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 53760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-17 01:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\g:\0autocheck autochk /r \??\h:\0autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/05/2009 1:17 PM 64288]
    R2 Foxtel;Foxtel Download Manager;c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [25/09/2009 12:29 AM 70144]
    R3 hpmmkbd;HP Extended Keyboard;c:\windows\system32\drivers\HPMMKBD.SYS [15/11/2009 2:51 PM 15924]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2009 8:13 AM 135664]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 11:15 PM 1375992]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 11:15 PM 15264]
    S3 SRS_WOWHD_DivX_Service;WOW HD DivX Edition;c:\windows\system32\drivers\SRS_DivX_i386.sys [17/12/2009 6:37 PM 246000]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-08 23:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:52]

    2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 21:12]

    2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 21:12]

    2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1614895754-725345543-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 03:49]

    2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1614895754-725345543-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 03:49]

    2010-11-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-1614895754-725345543-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 00:33]

    2010-11-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-1614895754-725345543-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 00:33]

    2010-11-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2009-10-27 02:48]

    2010-11-28 c:\windows\Tasks\User_Feed_Synchronization-{03A8B878-5409-4486-A7BF-6AD5C408EE48}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bigpond.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    HKLM-Run-POINTER - point32.exe
    HKLM-Run-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-29 10:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Foxtel]
    "ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1957994488-1614895754-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,74,35,56,73,e5,c5,45,b1,ca,c9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,74,35,56,73,e5,c5,45,b1,ca,c9,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,74,35,56,73,e5,c5,45,b1,ca,c9,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(740)
    c:\windows\system32\adsldpc.dll
    .
    Completion time: 2010-11-29 10:57:59
    ComboFix-quarantined-files.txt 2010-11-28 23:57

    Pre-Run: 63,361,622,016 bytes free
    Post-Run: 63,337,345,024 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 5281C39FEEB14A0544C0D08CCCE84B42
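The "Reg Loading Points" section of the log above is the part a malware analyst reads first: every autostart value, the key it lives under, and whether the binary sits where a legitimate install would put it. As an added example that is not part of this thread and not ComboFix's own code, the Python below parses lines in that format (tolerating the stray spaces the forum inserted around the quotes) and flags three things worth a second look: values that are bare filenames resolved through the PATH search order, binaries launched from a user-writable profile directory, and DLLs registered under Winlogon\Notify, which load into winlogon.exe at logon. The sample log is a constructed excerpt copied from the post above; the triage rules are the editor's own, and a flag is a prompt to check the file's location and publisher, not a verdict.

```python
import re

# Constructed sample: an excerpt of the ComboFix "Reg Loading Points" section
# posted above, kept exactly as the forum rendered it (note the stray spaces
# before the closing quotes and around the '=').
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update "= "c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-28 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HpMmKbd "= "HpMmKbd.exe" [2002-02-08 147456]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator "= "Narrator.exe" [2008-04-13 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-17 01:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
'''

# A registry key header: [HKEY_...\...]
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
# A Run/RunOnce value: "Name"="path" [yyyy-mm-dd size]; the \s* groups absorb
# the spaces the forum inserted, so both the clean and the rendered form parse.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<path>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# A Winlogon\Notify style file line: date time size attributes path
FILE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+'
    r'(?P<path>[a-z]:\\.+)$', re.IGNORECASE)
ABS_PATH_RE = re.compile(r'^[a-z]:\\', re.IGNORECASE)
USER_PROFILE_RE = re.compile(r'^[a-z]:\\documents and settings\\', re.IGNORECASE)


def parse_loading_points(text):
    """Return one dict per autostart entry: key, name, path, date, size."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({'key': key, 'name': m.group('name'),
                            'path': m.group('path'), 'date': m.group('date'),
                            'size': int(m.group('size'))})
            continue
        m = FILE_RE.match(line)
        if m:
            # Notify subkeys carry the DLL on a file line; use the subkey name.
            entries.append({'key': key, 'name': key.rsplit('\\', 1)[-1],
                            'path': m.group('path'), 'date': m.group('date'),
                            'size': int(m.group('size'))})
    return entries


def triage(entries):
    """Return (name, path, [reasons]) for entries that deserve a manual check."""
    findings = []
    for e in entries:
        reasons = []
        if not ABS_PATH_RE.match(e['path']):
            reasons.append('bare filename: resolved through the PATH search order, '
                           'so a same-named file earlier in the path would win')
        elif USER_PROFILE_RE.match(e['path']):
            reasons.append('launched from a user-writable profile directory')
        if '\\winlogon\\notify\\' in e['key'].lower():
            reasons.append('Winlogon Notify DLL: loaded into winlogon.exe at logon')
        if reasons:
            findings.append((e['name'], e['path'], reasons))
    return findings


if __name__ == '__main__':
    for name, path, reasons in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{name}: {path}')
        for r in reasons:
            print(f'    - {r}')
```

Run against the excerpt, it flags Google Update (profile directory), HpMmKbd and RunNarrator (bare filenames) and the avgrsstarter Notify DLL, and stays quiet on the Program Files and system32 entries. To use it on a real log, paste the whole "Reg Loading Points" section in place of SAMPLE_LOG; lines that match neither pattern (BootExecute, service lines, firewall list) are simply skipped.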
     
  9. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Ask Toolbar, known adware.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\avgrsstx.dll
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    
    SecCenter::
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe; image not reproduced]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. 2010/11/28
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    Log is:
    ComboFix 10-11-28.01 - Administrator 29/11/2010 12:14:00.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2039.1640 [GMT 11:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

    FILE ::
    "c:\windows\system32\avgrsstx.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\avgrsstx.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
    .

    2010-11-28 23:59 . 2010-11-29 00:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
    2010-11-28 01:04 . 2010-11-28 01:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Philipp Winterberg
    2010-11-27 22:38 . 2010-11-27 22:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-27 22:38 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-27 22:38 . 2010-11-27 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-27 22:38 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-27 22:38 . 2010-11-27 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-27 19:52 . 2010-11-27 19:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
    2010-11-20 23:32 . 2010-11-20 23:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Showtime
    2010-11-18 11:04 . 2010-11-18 11:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Real
    2010-11-18 11:03 . 2010-11-18 11:03 -------- d-----w- c:\program files\Common Files\xing shared
    2010-11-15 05:24 . 2010-11-15 05:24 -------- d-----w- c:\program files\myDownloader
    2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 08:13 . 2009-11-27 17:23 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 01:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-14 17:50 . 2010-05-04 00:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-14 15:29 . 2010-01-16 03:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-28 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-24 928496]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
    "HpMmKbd"="HpMmKbd.exe" [2002-02-08 147456]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
    "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-18 274608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 53760]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\g:\0autocheck autochk /r \??\h:\0autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/05/2009 1:17 PM 64288]
    R2 Foxtel;Foxtel Download Manager;c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [25/09/2009 12:29 AM 70144]
    R3 hpmmkbd;HP Extended Keyboard;c:\windows\system32\drivers\HPMMKBD.SYS [15/11/2009 2:51 PM 15924]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2009 8:13 AM 135664]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 11:15 PM 1375992]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 11:15 PM 15264]
    S3 SRS_WOWHD_DivX_Service;WOW HD DivX Edition;c:\windows\system32\drivers\SRS_DivX_i386.sys [17/12/2009 6:37 PM 246000]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-08 23:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:52]

    2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 21:12]

    2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 21:12]

    2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1614895754-725345543-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 03:49]

    2010-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1614895754-725345543-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 03:49]

    2010-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-1614895754-725345543-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 00:33]

    2010-11-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-1614895754-725345543-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 00:33]

    2010-11-28 c:\windows\Tasks\User_Feed_Synchronization-{03A8B878-5409-4486-A7BF-6AD5C408EE48}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bigpond.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-29 12:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Foxtel]
    "ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1957994488-1614895754-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,74,35,56,73,e5,c5,45,b1,ca,c9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,74,35,56,73,e5,c5,45,b1,ca,c9,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,74,35,56,73,e5,c5,45,b1,ca,c9,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(7424)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\HpMmKbd.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-29 12:35:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-29 01:35
    ComboFix2.txt 2010-11-28 23:58

    Pre-Run: 63,124,078,592 bytes free
    Post-Run: 63,225,401,344 bytes free

    - - End Of File - - A6DA6E33AEEE9BBB739D090227CBD521
     
  11. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can reinstall CA AV now. We're done with Combofix.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/11/28
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    I am running the scan now. I have just clicked the "Run Scan" instead of the "QuickScan" button by mistake. Is this ok or should I stop it and restart it?
     
  13. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.
     
  14. 2010/11/28
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    OTL logfile created on: 29/11/2010 4:05:32 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 58.79 Gb Free Space | 39.44% Space Free | Partition Type: NTFS

    Computer Name: WORKVENT-176607 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/29 16:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/11/29 15:47:46 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    PRC - [2010/11/29 15:47:46 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    PRC - [2010/11/29 15:47:45 | 000,255,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
    PRC - [2010/11/29 15:47:45 | 000,230,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
    PRC - [2010/11/25 05:52:25 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/11/25 05:52:24 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/11/18 22:02:49 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/09/01 17:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/09/25 00:29:06 | 000,070,144 | ---- | M] (Entriq, Inc.) -- C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe
    PRC - [2009/02/11 03:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
    PRC - [2008/07/18 20:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/25 17:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
    PRC - [2007/07/25 17:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007/07/25 17:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2007/07/20 01:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/07/20 01:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2006/10/05 16:10:12 | 000,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
    PRC - [2002/02/08 15:16:44 | 000,147,456 | ---- | M] (Hewlett-Packard Corp.) -- C:\WINDOWS\system32\HPMMKBD.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/11/29 16:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/07/20 01:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
    MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/29 15:47:46 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
    SRV - [2010/11/29 15:47:45 | 000,255,312 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
    SRV - [2010/11/25 05:52:24 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2009/09/25 00:29:06 | 000,070,144 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe -- (Foxtel)
    SRV - [2009/02/11 03:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
    SRV - [2007/07/20 01:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/07/20 01:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/07/20 01:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2006/10/05 16:10:12 | 000,009,216 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\smserial.sys -- (smserial)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/11/29 15:57:29 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
    DRV - [2010/11/29 15:57:27 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
    DRV - [2010/11/29 15:47:46 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
    DRV - [2010/11/29 15:47:46 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
    DRV - [2010/11/29 15:47:46 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
    DRV - [2010/11/29 15:47:46 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
    DRV - [2010/11/09 19:13:45 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/08/12 23:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/11/21 05:53:21 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2009/11/17 12:38:43 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/11/10 14:28:44 | 000,246,000 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_DivX_i386.sys -- (SRS_WOWHD_DivX_Service)
    DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/07/20 01:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
    DRV - [2007/07/20 01:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
    DRV - [2007/07/19 11:44:22 | 003,599,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
    DRV - [2007/07/19 11:44:22 | 000,022,296 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2007/07/19 11:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/07/19 11:42:28 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2007/07/18 18:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2007/06/20 17:06:52 | 001,212,192 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/09/01 13:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
    DRV - [2001/08/23 18:33:10 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [1999/09/29 10:40:32 | 000,015,924 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPMMKBD.SYS -- (hpmmkbd)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bigpond.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 22:03:48 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/11/29 12:25:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
    O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HpMmKbd] C:\WINDOWS\System32\HPMMKBD.EXE (Hewlett-Packard Corp.)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/22 12:20:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
    O34 - HKLM BootExecute: (autocheck autochk /r \??\H:) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56027131116781568)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/29 16:04:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/29 15:46:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/29 15:46:36 | 000,161,008 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
    [2010/11/29 15:46:36 | 000,091,472 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
    [2010/11/29 15:46:36 | 000,083,256 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
    [2010/11/29 15:46:36 | 000,026,352 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
    [2010/11/29 15:46:36 | 000,021,488 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
    [2010/11/29 15:46:36 | 000,021,104 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
    [2010/11/29 15:46:35 | 000,746,216 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
    [2010/11/29 15:46:35 | 000,130,280 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
    [2010/11/29 15:46:35 | 000,099,568 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
    [2010/11/29 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
    [2010/11/29 15:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA
    [2010/11/29 11:00:03 | 020,641,848 | ---- | C] (CA, Inc. ) -- C:\Documents and Settings\Administrator\Desktop\av_en_32.exe
    [2010/11/29 10:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
    [2010/11/29 10:46:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/29 10:42:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/29 10:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/29 10:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/29 10:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/29 10:41:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/29 10:22:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/28 12:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Philipp Winterberg
    [2010/11/28 09:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/11/28 09:38:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/28 09:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/28 09:38:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/28 09:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/28 06:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
    [2010/11/28 06:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
    [2010/11/21 10:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Showtime
    [2010/11/18 22:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Real
    [2010/11/18 22:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/11/18 22:03:32 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2010/11/18 22:03:00 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2010/11/18 22:03:00 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2010/11/18 22:02:57 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/15 16:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\myDownloader
    [2010/11/10 14:43:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/11/10 14:43:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/11/10 14:43:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [10 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/29 16:16:05 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1614895754-725345543-500UA.job
    [2010/11/29 16:05:37 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{03A8B878-5409-4486-A7BF-6AD5C408EE48}.job
    [2010/11/29 16:05:31 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-1614895754-725345543-500.job
    [2010/11/29 16:05:31 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-1614895754-725345543-500.job
    [2010/11/29 16:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/29 15:57:29 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
    [2010/11/29 15:57:27 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
    [2010/11/29 15:55:31 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/29 15:54:05 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/29 15:53:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/29 15:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2010/11/29 15:47:46 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
    [2010/11/29 15:47:46 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
    [2010/11/29 15:47:46 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
    [2010/11/29 15:47:46 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
    [2010/11/29 15:47:45 | 000,091,472 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
    [2010/11/29 12:42:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/29 12:25:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/29 11:00:44 | 020,641,848 | ---- | M] (CA, Inc. ) -- C:\Documents and Settings\Administrator\Desktop\av_en_32.exe
    [2010/11/29 10:54:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
    [2010/11/29 10:46:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/29 10:41:53 | 003,981,348 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/29 10:15:42 | 000,207,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/29 09:33:33 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avgse.dll.doc
    [2010/11/28 13:16:03 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1614895754-725345543-500Core.job
    [2010/11/28 08:19:09 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/11/27 22:41:53 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/27 06:01:34 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DD.doc
    [2010/11/25 09:58:51 | 000,044,444 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Change_of_Planner_Form.tif
    [2010/11/20 14:18:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/11/19 05:46:27 | 167,394,657 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NRL Videos – NRL.com.mp4
    [2010/11/18 22:03:32 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2010/11/18 22:03:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2010/11/18 22:03:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2010/11/18 22:02:57 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/16 19:04:32 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
    [2010/11/16 16:10:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/16 13:26:40 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2010/11/16 13:26:29 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Have you ever seen a clock like this.doc.lnk
    [2010/11/13 15:54:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/09 19:13:49 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/03 12:38:37 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
    [10 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/29 10:46:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/29 10:46:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/29 10:42:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/29 10:42:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/29 10:42:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/29 10:42:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/29 10:42:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/29 10:26:18 | 003,981,348 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/29 09:32:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avgse.dll.doc
    [2010/11/27 06:01:33 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DD.doc
    [2010/11/25 09:58:50 | 000,044,444 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Change_of_Planner_Form.tif
    [2010/11/23 12:26:43 | 167,394,657 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NRL Videos – NRL.com.mp4
    [2010/11/16 19:04:32 | 000,000,036 | RHS- | C] () -- C:\.uid_xxx
    [2010/11/16 16:10:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/16 13:26:40 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2010/11/16 13:26:29 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Have you ever seen a clock like this.doc.lnk
    [2010/11/03 12:38:37 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
    [2010/07/20 08:41:03 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/07/20 08:30:22 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
    [2010/05/07 08:45:11 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/05/06 11:07:14 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/12/19 10:06:42 | 000,000,041 | ---- | C] () -- C:\WINDOWS\VIVOPLAY.INI
    [2009/12/17 18:37:45 | 000,246,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_DivX_i386.sys
    [2009/11/21 07:17:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2009/11/21 07:03:35 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2009/11/21 06:33:48 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2009/11/17 18:05:29 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
    [2009/11/17 17:52:37 | 000,002,037 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
    [2009/11/17 17:51:36 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
    [2009/11/17 17:51:35 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2009/11/17 17:51:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
    [2009/11/17 17:51:32 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
    [2009/11/17 13:07:21 | 000,207,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/05/23 16:53:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/05/22 22:04:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/05/22 14:06:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/07/18 18:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2005/09/01 13:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
    [2003/08/06 16:23:08 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/16 19:04:32 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
    [2010/11/29 15:53:43 | 000,177,170 | ---- | M] () -- C:\aaw7boot.log
    [2009/05/22 12:20:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/05/22 12:15:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/29 10:46:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/29 15:46:39 | 000,036,075 | ---- | M] () -- C:\caavsetupLog.txt
    [2010/11/29 15:54:09 | 000,399,539 | ---- | M] () -- C:\caisslog.txt
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2009/11/21 07:50:18 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
    [2010/11/29 12:35:55 | 000,014,000 | ---- | M] () -- C:\ComboFix.txt
    [2009/05/22 12:20:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/05/22 12:20:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/05/22 12:20:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/02/28 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/05/22 11:24:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/29 15:53:49 | 2138,025,984 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/29 09:07:47 | 000,039,418 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_29.11.2010_09.05.42_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/05/22 12:20:21 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/03/17 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9X.DLL
    [2009/03/17 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9X.DLL
    [2008/07/06 23:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 21:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [1998/04/18 10:34:56 | 000,054,784 | ---- | M] (Storm Technology, Inc.) -- C:\WINDOWS\EasyPhoto Slide Show.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/05/22 22:00:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/05/22 22:00:21 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/05/22 22:00:21 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/05/22 11:31:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/05/22 12:30:31 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/29 11:00:44 | 020,641,848 | ---- | M] (CA, Inc. ) -- C:\Documents and Settings\Administrator\Desktop\av_en_32.exe
    [2010/11/29 10:41:53 | 003,981,348 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/29 16:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/02/22 20:18:36 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.0.5-win32.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/03/06 16:48:08 | 000,000,402 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini
    [2009/12/23 07:03:30 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/29 16:05:32 | 000,622,592 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 06:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/03 01:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 00:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 00:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 00:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:4BF2F6B5

    < End of report >
     
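    The custom-scan listing above is quicker to triage with a script than by eye. What follows is an added example written for this page, not OTL's code and not part of the original post. It parses OTL's per-file lines and its @Alternate Data Stream lines and flags three things a reviewer usually checks first: hidden+system files in the drive root that are not standard XP boot files (the allow-list KNOWN_XP_ROOT_HS is an assumption of the example; cmldr is ComboFix's own boot loader, which is why it is on the list), kernel drivers whose version info carries no CompanyName, and any alternate data stream. The sample lines are copied from the log above. A flag means "look at this", not "this is malware": LVPr2Mon.sys, for instance, is flagged only because its version info names no company.

```python
"""Triage helper for OTL custom-scan output.

Added example for this page; not OTL's own code. OTL prints one line per file:
    [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (CompanyName) -- path
and one line per alternate data stream:
    @Alternate Data Stream - N bytes -> path:streamname
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Za-z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumed allow-list: files that legitimately carry hidden+system attributes in the
# root of an XP system drive. cmldr is ComboFix's own boot loader, present only
# after ComboFix has been run on the machine.
KNOWN_XP_ROOT_HS = {
    "boot.ini", "ntldr", "ntdetect.com", "io.sys", "msdos.sys",
    "pagefile.sys", "hiberfil.sys", "bootfont.bin", "cmldr",
}


@dataclass
class Finding:
    path: str
    reason: str


def parse_file_line(line: str) -> Optional[dict]:
    """Return the fields of an OTL file line, or None if the line is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["hidden"] = "H" in rec["attrs"]
    rec["system"] = "S" in rec["attrs"]
    rec["company"] = rec["company"].strip()
    return rec


def triage(lines: List[str]) -> List[Finding]:
    """Flag entries worth a closer look. A finding means 'verify', not 'malicious'."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        ads = ADS_LINE.match(line)
        if ads:
            findings.append(Finding(ads["path"], f"alternate data stream, {ads['size']} bytes"))
            continue
        rec = parse_file_line(line)
        if rec is None:
            continue                                   # section header, blank line, etc.
        path = rec["path"]
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        in_drive_root = path.count("\\") == 1          # e.g. C:\foo, nothing deeper
        if rec["hidden"] and rec["system"] and in_drive_root and name not in KNOWN_XP_ROOT_HS:
            findings.append(Finding(path, "hidden+system file in drive root, not a known boot file"))
        elif low.endswith(".sys") and "\\drivers\\" in low and not rec["company"]:
            findings.append(Finding(path, "kernel driver with no CompanyName in version info"))
    return findings


# Sample input copied from the OTL log above (a subset of its lines).
SAMPLE_LOG = r"""
[2010/11/16 19:04:32 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
[2010/11/29 10:46:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/29 15:53:49 | 2138,025,984 | -HS- | M] () -- C:\pagefile.sys
[2009/03/17 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9X.DLL
[2009/11/21 07:03:35 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/07/18 18:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:4BF2F6B5
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason}: {f.path}")
```

    Run it over the whole saved OTL.txt rather than the subset embedded here; section headers such as `< %SYSTEMDRIVE%\*.* >` and blank lines fall through both regexes and are ignored.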
  15. 2010/11/28
    jerry zarb (Well-Known Member, Thread Starter)
    OTL Extras logfile created on: 29/11/2010 4:05:32 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 58.79 Gb Free Space | 39.44% Space Free | Partition Type: NTFS

    Computer Name: WORKVENT-176607 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [RapidShareManagerMail] -- C:\Program Files\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
    Directory [RapidShareManagerUpload] -- C:\Program Files\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
    "C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
    "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
    "{369B36BE-3D64-4641-9AEA-808D436FE133}" = Microsoft Picture It! Photo Standard 7.0
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4822DF0D-087B-435C-843D-ADAB239CCA13}_is1" = Boilsoft Video Converter 2.77
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6FC943-504B-46DB-A53A-132EDFF4899D}" = Foxtel Download Manager 4.1.500.11
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
    "{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E}" = Samsung PC Studio 3
    "{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for PENTAX 2.0
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.21
    "0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
    "84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
    "8ABEA6D4578549FADD34471076DFC5C22976C6D9" = Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
    "Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.01
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "cciss_av" = CA Anti-Virus
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
    "DivX Setup.divx.com" = DivX Setup
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
    "ExpressBurn" = Express Burn
    "ffdshow_is1" = ffdshow v1.1.3402 [2010-05-04]
    "FinalMediaPlayer_is1" = Final Media Player 2010
    "FOXTEL Download Player" = FOXTEL Download Player
    "Hewlett-Packard Extended Keyboard" = Hewlett-Packard Extended Keyboard
    "ie8" = Windows Internet Explorer 8
    "i-menu_is1" = i-menu 1.0
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "JDownloader" = JDownloader
    "MailWasher Free_is1" = MailWasher Free
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "MKV Player_is1" = MKV Player 1.0
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "MSNRecorderMax" = MSN Recorder Max
    "myDownloader 1.3" = myDownloader 1.3
    "Prism" = Prism Video Converter
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "QcDrv" = Logitech® Camera Driver
    "RapidShare Manager" = RapidShare Manager
    "RealPlayer 12.0" = RealPlayer
    "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "ST5UNST #1" = VivoOffline
    "ST6UNST #1" = VivoStatic 3
    "ToolBox" = NCH Toolbox
    "uTorrent" = µTorrent
    "VETWIN32Vp5" = CA Anti-Virus
    "VLC media player" = VLC media player 1.1.4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo!7 Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "1695664851.cp102008.foxtel.com.au.edgesuite.net" = Foxtel TV Guide

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 15/11/2010 8:17:55 PM | Computer Name = WORKVENT-176607 | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x61f3a350.

    Error - 15/11/2010 11:20:35 PM | Computer Name = WORKVENT-176607 | Source = Application Hang | ID = 1002
    Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 16/11/2010 3:37:51 PM | Computer Name = WORKVENT-176607 | Source = Application Error | ID = 1000
    Description = Faulting application mailwasher.exe, version 5.0.14.6034, faulting
    module mailwasher.exe, version 5.0.14.6034, fault address 0x00003fce.

    Error - 18/11/2010 2:31:18 PM | Computer Name = WORKVENT-176607 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 19/11/2010 7:06:02 PM | Computer Name = WORKVENT-176607 | Source = Application Hang | ID = 1002
    Description = Hanging application YahooMessenger.exe, version 10.0.0.1270, hang
    module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 20/11/2010 11:02:36 PM | Computer Name = WORKVENT-176607 | Source = Application Error | ID = 1000
    Description = Faulting application mailwasher.exe, version 5.0.14.6034, faulting
    module mailwasher.exe, version 5.0.14.6034, fault address 0x00003fce.

    Error - 22/11/2010 9:02:17 PM | Computer Name = WORKVENT-176607 | Source = Application Error | ID = 1000
    Description = Faulting application mailwasher.exe, version 5.0.14.6034, faulting
    module mailwasher.exe, version 5.0.14.6034, fault address 0x00003fce.

    Error - 22/11/2010 9:02:17 PM | Computer Name = WORKVENT-176607 | Source = Application Error | ID = 1000
    Description = Faulting application mailwasher.exe, version 5.0.14.6034, faulting
    module mailwasher.exe, version 5.0.14.6034, fault address 0x00003fce.

    Error - 28/11/2010 3:23:08 PM | Computer Name = WORKVENT-176607 | Source = Application Error | ID = 1000
    Description = Faulting application mailwasher.exe, version 5.0.14.6034, faulting
    module mailwasher.exe, version 5.0.14.6034, fault address 0x00003fce.

    Error - 28/11/2010 5:20:12 PM | Computer Name = WORKVENT-176607 | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 28/11/2010 3:17:52 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7024
    Description = The AVG Free8 WatchDog service terminated with service-specific error
    3758161981 (0xE001003D).

    Error - 28/11/2010 3:17:52 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7001
    Description = The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog
    service which failed to start because of the following error: %%1066

    Error - 28/11/2010 3:27:45 PM | Computer Name = WORKVENT-176607 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 28/11/2010 3:42:36 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7024
    Description = The AVG Free8 WatchDog service terminated with service-specific error
    3758161981 (0xE001003D).

    Error - 28/11/2010 3:42:36 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7001
    Description = The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog
    service which failed to start because of the following error: %%1066

    Error - 28/11/2010 5:06:48 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7024
    Description = The AVG Free8 WatchDog service terminated with service-specific error
    3758161981 (0xE001003D).

    Error - 28/11/2010 5:06:48 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7001
    Description = The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog
    service which failed to start because of the following error: %%1066

    Error - 28/11/2010 7:21:53 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 28/11/2010 7:40:19 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 28/11/2010 9:11:42 PM | Computer Name = WORKVENT-176607 | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  16. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
      [10 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:4BF2F6B5
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
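    For anyone reading this later and wanting to see what the OTL fix above is actually acting on, here is a read-only PowerShell audit written for this thread. It is an added example, not the thread's own material and not part of OTL: it walks the Browser Helper Objects registry key and checks whether each BHO's CLSID and DLL still exist (the "No CLSID value found" and "File not found" conditions in the O2 lines), lists leftover *.tmp files in the shared Application Data folder, and enumerates Alternate Data Streams there (the Temp:4BF2F6B5 entry is one). The helper names Get-BhoAudit, Get-TmpFileAudit and Get-AdsAudit are this example's own. It assumes Windows PowerShell 3.0 or later (needed for -Stream and [pscustomobject]), a 32-bit Windows install, and an elevated prompt; it reports only and deletes nothing.

```powershell
# Added example, not part of the thread or of OTL: read-only audit of the three
# things the OTL fix above removes, orphaned Browser Helper Objects, leftover
# *.tmp files and Alternate Data Streams in the shared Application Data folder.
# Assumes Windows PowerShell 3.0+ on a 32-bit Windows install, run elevated.
# Nothing is deleted; every function only returns a report.

$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
# CommonApplicationData resolves to C:\Documents and Settings\All Users\Application Data
# on XP and to C:\ProgramData on Vista and later, so the same script works on both.
$CommonAppData = [Environment]::GetFolderPath('CommonApplicationData')

function Get-BhoAudit {
    # BHO subkeys are named by CLSID; the DLL Internet Explorer would load is the
    # (default) value of HKLM\SOFTWARE\Classes\CLSID\{clsid}\InprocServer32.
    if (-not (Test-Path -LiteralPath $BhoKey)) { return }
    Get-ChildItem -LiteralPath $BhoKey | ForEach-Object {
        $clsid     = $_.PSChildName
        $clsidKey  = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        $serverKey = "$clsidKey\InprocServer32"
        $name = $null
        $dll  = $null
        if (Test-Path -LiteralPath $clsidKey) {
            $name = (Get-ItemProperty -LiteralPath $clsidKey).'(default)'
        }
        if (Test-Path -LiteralPath $serverKey) {
            $dll = (Get-ItemProperty -LiteralPath $serverKey).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
        # The same conditions OTL prints as "No CLSID value found" and "File not found";
        # an orphaned entry is harmless by itself but shows a half-removed program.
        $status = if (-not (Test-Path -LiteralPath $clsidKey)) { 'No CLSID value found' }
                  elseif (-not $dll)                           { 'No InprocServer32 path' }
                  elseif (-not (Test-Path -LiteralPath $dll))  { 'File not found' }
                  else                                         { 'OK' }
        [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll; Status = $status }
    }
}

function Get-TmpFileAudit {
    param([string]$Path = $CommonAppData)
    # Installer leftovers like the ISx*.tmp files removed above; listed with their
    # timestamps so a recent one can be matched against when the trouble started.
    Get-ChildItem -LiteralPath $Path -Filter '*.tmp' -File -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

function Get-AdsAudit {
    param([string]$Path = $CommonAppData)
    # Every file carries the unnamed ':$DATA' stream; any other stream name is an ADS.
    # Directories can carry streams too (Temp:4BF2F6B5 above sits on a folder), so
    # the listing is not restricted to files.
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

'Browser Helper Objects:'
Get-BhoAudit | Format-Table -AutoSize
"Leftover .tmp files in ${CommonAppData}:"
Get-TmpFileAudit | Format-Table -AutoSize
"Alternate Data Streams in ${CommonAppData}:"
Get-AdsAudit | Format-Table -AutoSize
```

    The point of running this before a fix rather than after is that the BHO table gives you the DLL path and status for each entry, so you can decide which ones are stale remnants of an uninstalled product (the AVG8 entries here) and which are live and should be left alone.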
     
  17. 2010/11/29
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    OTL RUN/FIX LOG :-
    I need to take care of some family matters now. I should be able to do the next scans in an hour or so and will send them then.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found not found.
    C:\Documents and Settings\All Users\Application Data\ISx12.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx3E.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx525.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx53C.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx53D.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx53E.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx57F.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx580.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx5E0.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx98.tmp deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Temp:4BF2F6B5 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 59337402 bytes
    ->Temporary Internet Files folder emptied: 10360573 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1830 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: WV
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1061 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 14000 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: WV

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11292010_164743

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF487F.tmp moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF67F9.tmp moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U5XMK4RZ\96496-active-possible-virus-malware-infection[1].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U5XMK4RZ\iframe3[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U5XMK4RZ\st[1] moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U5XMK4RZ\st[2] moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S4N0H3IB\iframe3[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S4N0H3IB\st[1] moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S4GQY7FE\st[1] moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S4GQY7FE\st[2] moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S4GQY7FE\welcome[1].txt moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ROU4LGHN\md[1].php moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

    Registry entries deleted on Reboot...
     
  18. 2010/11/29
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    CA Anti-Virus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.12.36
    Adobe Reader 9.4.1
    Korean Fonts Support For Adobe Reader 9
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    CA CA Internet Security Suite CA Anti-Virus ISafe.exe
    CA CA Internet Security Suite CA Anti-Virus VetMsg.exe
    CA CA Internet Security Suite CA Anti-Virus CAVRID.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  19. 2010/11/29
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    TFC run. (It did ask for a reboot).

    Ran ESET On line scanner as instructed.

    It did not find any threats. (However, please note: I put the CA Antivirus on snooze (disabled it) for 60 minutes, thinking it was sufficient time for the scan to be carried out. The scan took over 3 hours to complete and I had to put the antivirus back on snooze during the scan process.)
    It is almost bed time here now, so I will put the CA on snooze for a 4 hour period and re-run the ESET while I sleep, just in case it needed the antivirus off during the whole scan. I will look for your reply later.
     
  20. 2010/11/29
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    Good Morning. A new scan done overnight has found no threats. I will await new instructions.
     
  21. 2010/11/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
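    Step 1 above relies on OTL's [CLEARALLRESTOREPOINTS] command. For readers who want to do the same thing by hand, or just see what the command amounts to, here is a PowerShell script written for this thread; it is an added example, not the thread's own material and not part of OTL. By default it only lists the restore points currently on disk with their creation times and types. Only when run with -Reset does it turn System Restore off for the drive (which discards every existing point, the same effect as unticking the drive in System Properties), turn it back on, and create one fresh checkpoint. Get-RestorePointSummary is this example's own helper name; the *-ComputerRestore and Checkpoint-Computer cmdlets are standard Windows PowerShell cmdlets. It assumes Windows PowerShell 2.0 or later on a client edition of Windows (those cmdlets are not present on Server SKUs) and an elevated prompt.

```powershell
# Added example, not part of the thread or of OTL: show the System Restore points
# on the machine and, only with -Reset, discard them all and create one clean
# checkpoint, which is what OTL's [CLEARALLRESTOREPOINTS] step does. Old restore
# points can carry copies of infected files, so a clean-up ends by purging them.
# Assumes Windows PowerShell 2.0+ on a client Windows edition, run elevated.
param(
    [switch]$Reset,          # without this switch the script only reports
    [string]$Drive = 'C:\'   # the system drive whose restore points are reset
)

function Get-RestorePointSummary {
    # Get-ComputerRestorePoint returns WMI SystemRestore instances; CreationTime is a
    # DMTF timestamp string, so convert it to a DateTime for readable output.
    Get-ComputerRestorePoint | ForEach-Object {
        New-Object PSObject -Property @{
            Sequence    = $_.SequenceNumber
            Created     = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Type        = $_.RestorePointType
            Description = $_.Description
        }
    }
}

'Restore points currently on disk:'
Get-RestorePointSummary | Format-Table Sequence, Created, Type, Description -AutoSize

if ($Reset) {
    # Disabling System Restore for the drive deletes every existing restore point,
    # including any taken while the machine was infected; enabling it again starts
    # from nothing, and the checkpoint gives a known-clean point to roll back to.
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType MODIFY_SETTINGS
    'Restore points after reset:'
    Get-RestorePointSummary | Format-Table Sequence, Created, Type, Description -AutoSize
}
```

    Run it once without -Reset first and look at the Created column: any restore point dated from the period when the .rar trouble started is exactly the kind of snapshot you do not want to roll back to later, which is why the purge comes after the tools have confirmed the machine is clean and not before.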
     
