Internet Defender


  • This topic is locked
14 replies to this topic

#1 petergf

    Newbie

  • Members
  • 7 posts

Posted 04 March 2011 - 11:28 PM

Hi, I'm Peter and I really need some help to get rid of this rogue.

#2 CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 05 March 2011 - 12:19 AM

Please, to get help with cleaning your computer, follow the instructions in the topic Read This Before You Post!

#3 petergf

    Newbie

  • Members
  • 7 posts

Posted 05 March 2011 - 12:49 AM

Please, to get help with cleaning your computer, follow the instructions in the topic Read This Before You Post!

Hi, yes, I have done this. Why doesn't Ad-Aware see it?

#4 CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 05 March 2011 - 12:58 AM

There are around 60 000 new malicious files every day and therefore no antivirus or antimalware program can detect all malicious files immediately.

In step #3 of the instructions you should paste the contents of the two logs OTL.Txt and Extras.Txt in your answer here.

#5 petergf

    Newbie

  • Members
  • 7 posts

Posted 05 March 2011 - 06:55 AM

OTL logfile created on: 5/03/2011 3:50:20 PM - Run 3
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\exotics\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 70.88 Gb Free Space | 50.98% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 0.76 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive H: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 1396.61 Gb Total Space | 39.94 Gb Free Space | 2.86% Space Free | Partition Type: NTFS

Computer Name: EXOTICS-PC | User Name: exotics | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\exotics\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\exotics\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (Fabs) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (BITCOMET_HELPER_SERVICE) -- I:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (nlsX86cc) -- C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (astcc) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\Windows\System32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\Windows\System32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 7D B4 7A 57 BA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: bookmarks@cometmarks.com:1.65
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:2.06
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.8

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 06:11:50 | 000,000,000 | ---D | M]

[2010/01/10 10:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\exotics\AppData\Roaming\Mozilla\Extensions
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Browser UI Enhancement) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Software Update Checker) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2010/11/04 11:38:59 | 000,000,000 | ---D | M] (CometMarks Bookmark Synchronizer) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\BOOKMARKS@COMETMARKS.COM
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\CTRL-TAB@DESIGN-NOIR.DE

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - i:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [BitComet] I:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [e8436b25-94bc-4415-a1f9-6cb80571564b_35] C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_35.avi ()
O4 - HKCU..\Run: [uTorrent] I:\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Web Video Downloader] I:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe (SourceTec Software Co., LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &D&ownload &with BitComet - i:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - i:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - i:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries00000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries00000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries00000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/19 07:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{50f726fb-fd7c-11de-ba45-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{50f726fb-fd7c-11de-ba45-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\INDEX.html
O33 - MountPoints2\{6e85bf4f-f795-11de-901c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e85bf4f-f795-11de-901c-806e6f6e6963}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009/10/15 07:28:45 | 003,271,968 | ---- | M] (Western Digital)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009/10/15 07:28:45 | 003,271,968 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 13:05:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/03/04 13:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/03/01 09:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\SureThing CD Labeler 5
[2011/02/23 15:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/02/23 15:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/02/23 15:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/02/23 11:16:51 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 11:16:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/20 13:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
[2011/02/20 10:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/02/20 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/02/19 14:58:22 | 000,000,000 | ---D | C] -- C:\Users\exotics\Documents
[2011/02/10 16:05:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/10 16:05:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/10 16:05:58 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/10 16:05:58 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/10 16:05:58 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/10 16:05:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/10 16:05:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/10 16:05:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/10 16:05:57 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/10 16:02:24 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/10 16:02:24 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/10 15:09:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/10 15:09:27 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/10 15:03:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/10 15:03:27 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/10 15:03:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/10 15:03:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/10 15:02:12 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/10 14:59:13 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/10 14:59:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/10 14:58:11 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/07 09:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2009/12/06 10:36:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\exotics\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/03/05 15:11:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000UA.job
[2011/03/05 15:08:08 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/05 11:55:19 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 11:55:19 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 11:47:32 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/05 11:47:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/05 11:47:07 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 10:06:02 | 000,001,422 | ---- | M] () -- C:\Users\exotics\Desktop\OTL - Shortcut.lnk
[2011/03/05 09:23:34 | 000,001,103 | ---- | M] () -- C:\Users\exotics\Desktop\TFC - Shortcut.lnk
[2011/03/05 09:23:21 | 000,002,853 | ---- | M] () -- C:\Users\exotics\Desktop\rkill - Shortcut.pif
[2011/03/05 07:11:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000Core.job
[2011/03/04 13:36:37 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/03/04 13:05:56 | 000,001,130 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/04 13:05:56 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/04 12:09:24 | 000,000,842 | -HS- | M] () -- C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_.mkv
[2011/03/04 12:06:55 | 002,568,192 | -HS- | M] () -- C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_35.avi
[2011/03/02 12:16:07 | 000,000,700 | ---- | M] () -- C:\Users\exotics\Desktop\RAR Password Recovery Magic (2).lnk
[2011/03/02 06:57:27 | 000,001,173 | ---- | M] () -- C:\Users\exotics\AppData\Roaming\vso_ts_preview.xml
[2011/03/02 04:12:29 | 000,002,244 | ---- | M] () -- C:\Users\exotics\Desktop\Google Chrome.lnk
[2011/03/02 04:12:29 | 000,002,121 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/01 09:54:54 | 000,001,069 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\SureThing CD Labeler Deluxe 5.lnk
[2011/03/01 09:54:54 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2011/03/01 09:23:19 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/27 10:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/02/26 10:47:55 | 000,000,747 | ---- | M] () -- C:\Users\exotics\Desktop\uTorrent.lnk
[2011/02/21 15:02:19 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForexotics.job
[2011/02/20 13:28:14 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2011/02/20 13:12:47 | 000,008,192 | ---- | M] () -- C:\Users\exotics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/19 07:45:07 | 000,007,598 | ---- | M] () -- C:\Users\exotics\AppData\Local\Resmon.ResmonCfg
[2011/02/11 03:21:08 | 000,510,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/08 06:45:25 | 000,000,328 | ---- | M] () -- C:\Users\exotics\Desktop\HP Printer Diagnostic Tools.url
[2011/02/07 09:03:24 | 000,000,689 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk

========== Files Created - No Company Name ==========

[2011/03/05 10:06:02 | 000,001,422 | ---- | C] () -- C:\Users\exotics\Desktop\OTL - Shortcut.lnk
[2011/03/05 09:23:34 | 000,001,103 | ---- | C] () -- C:\Users\exotics\Desktop\TFC - Shortcut.lnk
[2011/03/05 09:23:21 | 000,002,853 | ---- | C] () -- C:\Users\exotics\Desktop\rkill - Shortcut.pif
[2011/03/04 17:47:16 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/03/04 13:05:56 | 000,001,130 | ---- | C] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/04 13:05:56 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/04 12:07:29 | 000,000,842 | -HS- | C] () -- C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_.mkv
[2011/03/04 12:06:55 | 002,568,192 | -HS- | C] () -- C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_35.avi
[2011/03/02 12:16:07 | 000,000,700 | ---- | C] () -- C:\Users\exotics\Desktop\RAR Password Recovery Magic (2).lnk
[2011/03/01 09:54:54 | 000,001,069 | ---- | C] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\SureThing CD Labeler Deluxe 5.lnk
[2011/03/01 09:54:54 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2011/02/26 10:47:24 | 000,000,747 | ---- | C] () -- C:\Users\exotics\Desktop\uTorrent.lnk
[2011/02/20 13:28:14 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2011/02/20 10:36:07 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/20 10:36:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/20 10:36:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/02/08 06:45:25 | 000,000,328 | ---- | C] () -- C:\Users\exotics\Desktop\HP Printer Diagnostic Tools.url
[2011/01/31 12:53:54 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/07 14:11:00 | 000,000,876 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/12/01 19:25:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010/11/04 16:13:55 | 000,164,832 | ---- | C] () -- C:\Windows\hpoins32.dat
[2010/11/04 16:13:54 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2010/10/01 20:38:43 | 000,007,598 | ---- | C] () -- C:\Users\exotics\AppData\Local\Resmon.ResmonCfg
[2010/06/17 13:15:59 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/10 13:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/05/04 21:12:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/05/04 21:06:55 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/02/01 06:11:08 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/29 10:55:30 | 000,008,192 | ---- | C] () -- C:\Users\exotics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 22:38:42 | 000,042,280 | ---- | C] () -- C:\Windows\System32\wacomwucoinst3.dll
[2010/01/10 10:37:47 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/01/02 13:18:53 | 000,077,378 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/12/18 05:50:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/16 14:44:49 | 000,019,501 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2009/12/06 10:36:33 | 000,087,608 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\inst.exe
[2009/12/06 10:36:33 | 000,007,887 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\pcouffin.cat
[2009/12/06 10:36:33 | 000,001,144 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\pcouffin.inf
[2009/12/05 22:15:31 | 000,001,173 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\vso_ts_preview.xml
[2009/12/02 14:41:22 | 000,019,104 | ---- | C] () -- C:\Windows\hpqins13.dat
[2009/11/26 14:56:42 | 000,028,288 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 000,510,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 10:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/11 09:30:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1554.dll
[2008/11/10 14:40:42 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/10 14:40:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/08/22 10:16:00 | 000,046,456 | R--- | C] () -- C:\Windows\System32\exitwx.exe

========== LOP Check ==========

[2010/09/21 10:34:59 | 000,000,000 | -HSD | M] -- C:\Users\exotics\AppData\Roaming\.#
[2010/08/16 10:06:24 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\1ClickDVDCopy
[2010/10/16 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Alien Skin
[2010/01/10 10:29:50 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Autodesk
[2011/02/27 10:20:01 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\BitComet
[2010/01/29 10:56:59 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Canneverbe_Limited
[2010/01/10 10:29:50 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\CometNetwork
[2010/10/04 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\CometPlayer
[2010/06/14 12:28:37 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\CopyToDvd
[2010/04/30 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\DAEMON Tools
[2010/06/07 12:02:55 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\DriverCure
[2010/06/17 13:23:37 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\DVDCreator
[2011/01/13 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Forte
[2010/12/04 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\ImgBurn
[2010/12/03 15:52:51 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\MAGIX
[2010/10/19 19:32:21 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\onOne Software
[2010/01/10 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\PowerCinema
[2010/12/03 09:33:30 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Publish Providers
[2010/09/20 11:57:42 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Sierra Wireless
[2010/12/03 09:33:12 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Sony
[2010/06/10 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Thinstall
[2010/12/24 15:39:30 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\TigerPlayer
[2011/03/05 15:47:43 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\uTorrent
[2011/03/02 06:57:28 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Vso
[2010/01/10 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Western Digital
[2010/01/04 06:39:35 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Western DigitalTemp
[2010/01/10 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\WinBatch
[2010/11/02 06:53:47 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Windows Live Writer
[2011/02/27 10:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/11/06 06:06:25 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 853 bytes -> C:\Users\exotics\Favorites\Documents\FW_ USAF NEW 21,000 Lb MOAB.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\exotics\Favorites\Documents\RE_ Clarifing help please.eml:OECustomProperty
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:C265C458

< End of report >

#6 CeciliaB (Volunteer, Moderator, 7233 posts)
Posted 05 March 2011 - 01:05 PM

Please post the Extras.txt log, too.

Close your browsers and uninstall YouTube Downloader Toolbar and SearchSettings.


Follow the instructions on http://www.bleepingc...to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

#7 petergf (Newbie, Members, 7 posts)
Posted 05 March 2011 - 11:18 PM

ComboFix 11-03-05.01 - exotics 06/03/2011 7:15.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2037.789 [GMT 10:00]
Running from: c:\users\exotics\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Disabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\e8436b25-94bc-4415-a1f9-6cb80571564b_35.avi
c:\users\exotics\AppData\Local\Temp\wrk5E9.tmp
c:\users\exotics\AppData\Roaming\.#
c:\users\exotics\AppData\Roaming\inst.exe
c:\windows\system32\service
c:\windows\system32\service1012010_TIS17_SfFniAU.log
c:\windows\system32\service1122009_TIS17_SfFniAU.log
c:\windows\system32\service2012010_TIS17_SfFniAU.log
c:\windows\system32\service2122009_TIS17_SfFniAU.log
c:\windows\system32\service3122009_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
.
.
2011-03-05 21:54 . 2011-03-05 21:54 -------- d-----w- c:\users\peter\AppData\Local\temp
2011-03-05 21:54 . 2011-03-05 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-04 07:47 . 2011-03-04 03:36 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-04 03:05 . 2011-03-04 03:05 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2011-02-28 23:54 . 2011-02-28 23:54 -------- d-----w- c:\program files\SureThing CD Labeler 5
2011-02-23 17:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 01:16 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 01:16 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-20 00:36 . 2011-02-23 07:11 -------- d-----w- c:\program files\Xvid
2011-02-20 00:36 . 2009-06-07 06:25 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-20 00:36 . 2009-06-07 06:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-20 00:36 . 2009-06-07 06:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-10 06:02 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 06:02 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 06:02 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 05:09 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 05:03 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-10 05:03 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-10 05:03 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-10 05:03 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-10 05:03 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-10 05:03 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-10 05:03 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-10 05:03 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-10 05:03 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-10 05:03 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-10 05:02 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 05:01 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 04:59 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 04:59 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 04:58 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 07:11 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-31 02:53 . 2011-01-31 02:53 848 --sha-w- c:\programdata\KGyGaAvL.sys
2010-12-20 10:50 . 2010-01-10 12:19 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="i:\program files\BitComet\BitComet.exe" [2011-01-27 12336432]
"Google Update"="c:\users\exotics\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-05 133104]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Web Video Downloader"="i:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" [2008-11-24 3257616]
"uTorrent"="I:\uTorrent.exe" [2011-03-05 399224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-09-14 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-15 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-15 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-04 1405384]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;i:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-01-29 74392]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-10-14 222720]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-10-14 148992]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-11-02 102856]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-11-02 539304]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-02-17 420520]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-05-14 61440]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-03-27 2789672]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-04 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-15 20480]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-03-24 79432]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 23:03]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 23:03]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000Core.job
- c:\users\exotics\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 12:05]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000UA.job
- c:\users\exotics\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 12:05]
.
2011-02-21 c:\windows\Tasks\HPCeeScheduleForexotics.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-10 00:12]
.
2011-02-27 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/m/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cndt
IE: &D&ownload &with BitComet - i:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - i:\program files\BitComet\BitComet.exe/AddAllLink.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {466D2FE4-B72D-4E73-A0B6-2AA1D2FE6073} = 61.9.211.1 61.9.188.33
TCP: {50618A9F-04B1-41DF-8B16-A8346121F585} = 61.88.88.88
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-e8436b25-94bc-4415-a1f9-6cb80571564b_35 - c:\programdata\e8436b25-94bc-4415-a1f9-6cb80571564b_35.avi
AddRemove-Advanced RAR Password Recovery - i:\program files\ElcomSoft\ARPR\uninstall.exe
AddRemove-DVDneXtCOPY 3 Ultimate - i:\program files\DVDneXtCOPY 3\uninstall.exe
AddRemove-Xvid_is1 - c:\program files\Xvid\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-06 08:13:50
ComboFix-quarantined-files.txt 2011-03-05 22:13
.
Pre-Run: 75,224,125,440 bytes free
Post-Run: 75,132,252,160 bytes free
.
- - End Of File - - 8CBEF5D162217E721B6CDB971C6F95D7


With my thanks, petergf

#8 CeciliaB (Volunteer, Moderator, 7233 posts)
Posted 06 March 2011 - 01:26 AM

Don't you have an Extras.txt from OTL?

Please close all programs, including antivirus programs and other similar programs; otherwise they might stop OTL.
How? See http://www.bleepingc...opic114351.html

Start the program OTL.
Copy all the lines in the box:
:OTL
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:C265C458
[2011/02/23 15:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/02/23 15:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/02/23 15:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
:Reg
:Files
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop-up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.

Make sure that antivirus programs etc. are active before connecting to the internet.

Run OTL in the same way as you ran it the first time. Paste the OTL.txt in your answer, too.
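The OTL fix in the post above deletes a named NTFS alternate data stream (C:\ProgramData\Temp:C265C458), and the ComboFix log in post #7 lists the HKCU and HKLM Run-key autostarts under "Reg Loading Points". The following is an added example, not part of this thread and not code from OTL or ComboFix, showing how to inspect both findings from an elevated Windows PowerShell 3.0+ prompt before anything is deleted: it lists every non-default stream on a path, lets you keep a copy of the stream's bytes as evidence, and resolves each Run entry to its image on disk to check that the file exists and whether it is Authenticode-signed. The function names and the evidence file path are my own choices; the paths in the usage lines are the ones from the logs.

```powershell
# Added triage example (not from the thread). Requires Windows PowerShell 3.0+,
# run elevated so HKLM and C:\ProgramData are readable.

# 1. Named NTFS streams. Every file/directory has the unnamed ':$DATA' stream;
#    anything else (OTL reported Temp:C265C458, 201 bytes) is worth a look.
function Get-NamedStreams {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

# Keep the stream's raw bytes before removing it, so the evidence survives.
# (On PowerShell 7 replace '-Encoding Byte' with '-AsByteStream'.)
function Export-Stream {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$Stream,
          [Parameter(Mandatory)][string]$OutFile)
    $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -ReadCount 0
    [IO.File]::WriteAllBytes($OutFile, [byte[]]$bytes)
}

# 2. Run-key autostarts. Turn a registry value such as
#    'i:\program files\BitComet\BitComet.exe' (unquoted, spaces, no arguments,
#    as in the ComboFix log) or '"C:\x.exe" /arg' into the executable path.
function Resolve-ImagePath {
    param([Parameter(Mandatory)][string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted path, maybe with args
    if (Test-Path -LiteralPath $cmd) { return $cmd }       # bare path, no args
    return ($cmd -split '\s+')[0]                          # best effort: first token
}

function Get-RunEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
        $names = $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            Select-Object -ExpandProperty Name
        foreach ($name in $names) {
            $exe    = Resolve-ImagePath -Command ([string]$props.$name)
            $exists = Test-Path -LiteralPath $exe
            $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            [pscustomobject]@{ Key = $k; Name = $name; Image = $exe; Exists = $exists; Signature = $sig }
        }
    }
}

# Usage on the machine in the thread:
Get-NamedStreams -Path 'C:\ProgramData\Temp' | Format-Table -AutoSize
Get-RunEntries | Format-Table -AutoSize

# Once the stream is confirmed unwanted, keep a copy and then drop only that stream
# (the host file/directory itself is left untouched):
# Export-Stream -Path 'C:\ProgramData\Temp' -Stream 'C265C458' -OutFile "$env:TEMP\Temp_C265C458.bin"
# Remove-Item -LiteralPath 'C:\ProgramData\Temp' -Stream 'C265C458'
```

Entries whose image does not exist (ComboFix's "[x]" services, or the orphaned HKCU Run value pointing at the deleted .avi file in post #7) show up with Exists = False; an unsigned image in a user-writable location such as AppData\Roaming is the next thing to examine by hand.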

#9 petergf (Newbie, Members, 7 posts)
Posted 06 March 2011 - 04:33 AM

All processes killed
========== OTL ==========
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\Temp:C265C458 deleted successfully.
Folder C:\Program Files\Application Updater\ not found.
Folder C:\Program Files\YouTube Downloader Toolbar\ not found.
Folder C:\Program Files\Common Files\Spigot\ not found.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: exotics
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6194506 bytes
->Flash cache emptied: 0 bytes

User: peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes


OTL logfile created on: 6/03/2011 1:22:24 PM - Run 7
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\exotics\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 70.70 Gb Free Space | 50.85% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 0.76 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 1.96 Gb Free Space | 44.76% Space Free | Partition Type: UDF
Drive H: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 1396.61 Gb Total Space | 39.87 Gb Free Space | 2.85% Space Free | Partition Type: NTFS

Computer Name: EXOTICS-PC | User Name: exotics | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\exotics\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\exotics\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (Fabs) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (BITCOMET_HELPER_SERVICE) -- I:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (nlsX86cc) -- C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (astcc) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\Windows\System32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\Windows\System32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 7D B4 7A 57 BA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: bookmarks@cometmarks.com:1.65
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:2.06
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.8

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 06:11:50 | 000,000,000 | ---D | M]

[2010/01/10 10:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\exotics\AppData\Roaming\Mozilla\Extensions
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Browser UI Enhancement) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Software Update Checker) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2010/11/04 11:38:59 | 000,000,000 | ---D | M] (CometMarks Bookmark Synchronizer) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\BOOKMARKS@COMETMARKS.COM
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\CTRL-TAB@DESIGN-NOIR.DE

O1 HOSTS File: ([2011/03/06 07:54:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - i:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKCU..\Run: [BitComet] I:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [uTorrent] I:\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Web Video Downloader] I:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe (SourceTec Software Co., LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - i:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - i:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - i:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries00000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries00000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries00000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/19 07:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 13:12:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/06 08:14:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/06 08:14:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/06 07:13:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/06 07:13:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/06 07:13:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/06 07:13:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/06 07:13:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/06 07:12:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/06 07:11:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/04 13:05:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/03/04 13:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/03/01 09:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\SureThing CD Labeler 5
[2011/02/23 11:16:51 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 11:16:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/20 13:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
[2011/02/20 10:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/02/20 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/02/19 14:58:22 | 000,000,000 | ---D | C] -- C:\Users\exotics\Documents
[2011/02/10 16:05:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/10 16:05:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/10 16:05:58 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/10 16:05:58 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/10 16:05:58 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/10 16:05:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/10 16:05:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/10 16:05:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/10 16:05:57 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/10 16:02:24 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/10 16:02:24 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/10 15:09:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/10 15:09:27 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/10 15:03:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/10 15:03:27 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/10 15:03:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/10 15:03:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/10 15:02:12 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/10 14:59:13 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/10 14:59:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/10 14:58:11 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/07 09:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2009/12/06 10:36:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\exotics\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/03/06 13:22:06 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 13:22:06 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 13:14:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/06 13:14:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/06 13:14:04 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 13:11:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000UA.job
[2011/03/06 13:08:02 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/06 13:02:18 | 000,001,422 | ---- | M] () -- C:\Users\exotics\Desktop\OTL - Shortcut.lnk
[2011/03/06 10:08:38 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/03/06 07:54:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/06 07:12:16 | 000,000,747 | ---- | M] () -- C:\Users\exotics\Desktop\ComboFix - Shortcut.lnk
[2011/03/06 07:11:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000Core.job
[2011/03/05 09:23:34 | 000,001,103 | ---- | M] () -- C:\Users\exotics\Desktop\TFC - Shortcut.lnk
[2011/03/05 09:23:21 | 000,002,853 | ---- | M] () -- C:\Users\exotics\Desktop\rkill - Shortcut.pif
[2011/03/04 13:36:37 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/03/04 13:05:56 | 000,001,130 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/04 13:05:56 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/04 12:09:24 | 000,000,842 | -HS- | M] () -- C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_.mkv
[2011/03/02 12:16:07 | 000,000,700 | ---- | M] () -- C:\Users\exotics\Desktop\RAR Password Recovery Magic (2).lnk
[2011/03/02 06:57:27 | 000,001,173 | ---- | M] () -- C:\Users\exotics\AppData\Roaming\vso_ts_preview.xml
[2011/03/02 04:12:29 | 000,002,244 | ---- | M] () -- C:\Users\exotics\Desktop\Google Chrome.lnk
[2011/03/02 04:12:29 | 000,002,121 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/01 09:54:54 | 000,001,069 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\SureThing CD Labeler Deluxe 5.lnk
[2011/03/01 09:54:54 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2011/03/01 09:23:19 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/26 10:47:55 | 000,000,747 | ---- | M] () -- C:\Users\exotics\Desktop\uTorrent.lnk
[2011/02/21 15:02:19 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForexotics.job
[2011/02/20 13:28:14 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2011/02/20 13:12:47 | 000,008,192 | ---- | M] () -- C:\Users\exotics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/19 07:45:07 | 000,007,598 | ---- | M] () -- C:\Users\exotics\AppData\Local\Resmon.ResmonCfg
[2011/02/11 03:21:08 | 000,510,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/08 06:45:25 | 000,000,328 | ---- | M] () -- C:\Users\exotics\Desktop\HP Printer Diagnostic Tools.url
[2011/02/07 09:03:24 | 000,000,689 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk

========== Files Created - No Company Name ==========

[2011/03/06 13:02:18 | 000,001,422 | ---- | C] () -- C:\Users\exotics\Desktop\OTL - Shortcut.lnk
[2011/03/06 07:13:56 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/06 07:13:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/06 07:13:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/06 07:13:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/06 07:13:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/06 07:12:16 | 000,000,747 | ---- | C] () -- C:\Users\exotics\Desktop\ComboFix - Shortcut.lnk
[2011/03/05 09:23:34 | 000,001,103 | ---- | C] () -- C:\Users\exotics\Desktop\TFC - Shortcut.lnk
[2011/03/05 09:23:21 | 000,002,853 | ---- | C] () -- C:\Users\exotics\Desktop\rkill - Shortcut.pif
[2011/03/04 17:47:16 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/03/04 13:05:56 | 000,001,130 | ---- | C] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/04 13:05:56 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/04 12:07:29 | 000,000,842 | -HS- | C] () -- C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_.mkv
[2011/03/02 12:16:07 | 000,000,700 | ---- | C] () -- C:\Users\exotics\Desktop\RAR Password Recovery Magic (2).lnk
[2011/03/01 09:54:54 | 000,001,069 | ---- | C] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\SureThing CD Labeler Deluxe 5.lnk
[2011/03/01 09:54:54 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2011/02/26 10:47:24 | 000,000,747 | ---- | C] () -- C:\Users\exotics\Desktop\uTorrent.lnk
[2011/02/20 13:28:14 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2011/02/20 10:36:07 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/20 10:36:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/20 10:36:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/02/08 06:45:25 | 000,000,328 | ---- | C] () -- C:\Users\exotics\Desktop\HP Printer Diagnostic Tools.url
[2011/01/31 12:53:54 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/07 14:11:00 | 000,000,876 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/12/01 19:25:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010/11/04 16:13:55 | 000,164,832 | ---- | C] () -- C:\Windows\hpoins32.dat
[2010/11/04 16:13:54 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2010/10/01 20:38:43 | 000,007,598 | ---- | C] () -- C:\Users\exotics\AppData\Local\Resmon.ResmonCfg
[2010/06/17 13:15:59 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/10 13:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/05/04 21:12:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/05/04 21:06:55 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/02/01 06:11:08 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/29 10:55:30 | 000,008,192 | ---- | C] () -- C:\Users\exotics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 22:38:42 | 000,042,280 | ---- | C] () -- C:\Windows\System32\wacomwucoinst3.dll
[2010/01/10 10:37:47 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/01/02 13:18:53 | 000,077,378 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/12/18 05:50:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/16 14:44:49 | 000,019,501 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2009/12/06 10:36:33 | 000,007,887 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\pcouffin.cat
[2009/12/06 10:36:33 | 000,001,144 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\pcouffin.inf
[2009/12/05 22:15:31 | 000,001,173 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\vso_ts_preview.xml
[2009/12/02 14:41:22 | 000,019,104 | ---- | C] () -- C:\Windows\hpqins13.dat
[2009/11/26 14:56:42 | 000,028,288 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 000,510,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 10:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/11 09:30:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1554.dll
[2008/11/10 14:40:42 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/10 14:40:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/08/22 10:16:00 | 000,046,456 | R--- | C] () -- C:\Windows\System32\exitwx.exe

========== LOP Check ==========

[2010/08/16 10:06:24 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\1ClickDVDCopy
[2010/10/16 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Alien Skin
[2010/01/10 10:29:50 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Autodesk
[2011/02/27 10:20:01 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\BitComet
[2010/01/29 10:56:59 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Canneverbe_Limited
[2010/01/10 10:29:50 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\CometNetwork
[2010/10/04 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\CometPlayer
[2010/06/14 12:28:37 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\CopyToDvd
[2010/04/30 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\DAEMON Tools
[2010/06/07 12:02:55 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\DriverCure
[2010/06/17 13:23:37 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\DVDCreator
[2011/01/13 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Forte
[2010/12/04 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\ImgBurn
[2010/12/03 15:52:51 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\MAGIX
[2010/10/19 19:32:21 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\onOne Software
[2010/01/10 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\PowerCinema
[2010/12/03 09:33:30 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Publish Providers
[2010/09/20 11:57:42 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Sierra Wireless
[2010/12/03 09:33:12 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Sony
[2010/06/10 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Thinstall
[2010/12/24 15:39:30 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\TigerPlayer
[2011/03/06 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\uTorrent
[2011/03/02 06:57:28 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Vso
[2010/01/10 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Western Digital
[2010/01/04 06:39:35 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Western DigitalTemp
[2010/01/10 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\WinBatch
[2010/11/02 06:53:47 | 000,000,000 | ---D | M] -- C:\Users\exotics\AppData\Roaming\Windows Live Writer
[2011/03/06 10:08:38 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/11/06 06:06:25 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 853 bytes -> C:\Users\exotics\Favorites\Documents\FW_ USAF NEW 21,000 Lb MOAB.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\exotics\Favorites\Documents\RE_ Clarifing help please.eml:OECustomProperty
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:C265C458

< End of report >


User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03062011_132750

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 06 March 2011 - 11:32 AM

What files exist in the folder C:\ProgramData\Temp?

Have you not an Extras.txt from OTL?

Run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Un-check "Remove found threats"
Check "Scan Archives"

Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.

#11 petergf

petergf

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 10 March 2011 - 09:57 PM

C:\ProgramData\Temp is empty now
no Extras.txt

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=72e74876186ca84285f74fb301e998f6
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-10 01:11:51
# local_time=2011-03-10 11:11:51 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1798 16775165 100 95 0 36592488 0 0
# compatibility_mode=5893 16776574 100 85 51333914 51347714 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=21786
# found=0
# cleaned=0
# scan_time=2989
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=72e74876186ca84285f74fb301e998f6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-10 04:02:12
# local_time=2011-03-11 02:02:12 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1798 16775165 100 95 0 36608334 0 0
# compatibility_mode=5893 16776574 100 85 51349760 51363560 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=245446
# found=3
# cleaned=0
# scan_time=40565
C:\Qoobox\Quarantine\C\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_35.avi.vir probably a variant of Win32/Adware.AntimalwareDefender.B application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\exotics\AppData\Local\Temp\wrk5E9.tmp.vir probably a variant of Win32/Adware.AntimalwareDefender.B application (unable to clean) 00000000000000000000000000000000 I
I:\Program Files\Driver-Soft\DriverGenius\NvDriverTweak.exe probably a variant of Win32/TrojanDownloader.Adload.KXYLVMS trojan (unable to clean) 00000000000000000000000000000000 I

#12 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 10 March 2011 - 11:34 PM

I:\Program Files\Driver-Soft\DriverGenius\NvDriverTweak.exe probably a variant of Win32/TrojanDownloader.Adload.KXYLVMS trojan (unable to clean)
Did you install that program just before the computer got infected, or was it a long time ago?

Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingc...opic114351.html

Start the program OTL.
Copy all the lines in the box:
:Files
C:\ProgramData\Temp
:Commands
[CREATERESTOREPOINT]
[REBOOT]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.

Start OTL and select "Use SafeList" in the "Extra Registry" group before you click "Run Scan". Both OTL.txt and Extras.txt will be created. Paste Extras.txt in your answer.

Follow the instructions on http://www.bleepingc...to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

#13 petergf

petergf

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 11 March 2011 - 03:34 AM

Driver-Soft was an old Nvidia program; I have deleted it.



C:\ProgramData\Temp folder moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.22.2 log created on 03112011_113746


OTL logfile created on: 11/03/2011 11:48:47 AM - Run 8
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\exotics\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 64.84 Gb Free Space | 46.64% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 0.76 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 95.45 Gb Free Space | 20.49% Space Free | Partition Type: NTFS
Drive H: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 1396.61 Gb Total Space | 25.97 Gb Free Space | 1.86% Space Free | Partition Type: NTFS

Computer Name: EXOTICS-PC | User Name: exotics | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Users\exotics\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (Lavasoft Limited )
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\exotics\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msoert2.dll (Microsoft Corporation)
MOD - C:\Windows\System32\INETRES.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (Fabs) -- File not found
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (BITCOMET_HELPER_SERVICE) -- I:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (nlsX86cc) -- C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (astcc) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\Windows\System32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\Windows\System32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 7D B4 7A 57 BA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: bookmarks@cometmarks.com:1.65
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:2.06
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.8

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 06:11:50 | 000,000,000 | ---D | M]

[2010/01/10 10:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\exotics\AppData\Roaming\Mozilla\Extensions
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Browser UI Enhancement) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Software Update Checker) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2010/11/04 11:38:59 | 000,000,000 | ---D | M] (CometMarks Bookmark Synchronizer) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\BOOKMARKS@COMETMARKS.COM
[2010/11/04 11:38:58 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\CTRL-TAB@DESIGN-NOIR.DE

O1 HOSTS File: ([2011/03/06 07:54:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - i:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKCU..\Run: [BitComet] I:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [uTorrent] I:\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Web Video Downloader] I:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe (SourceTec Software Co., LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - i:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - i:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - i:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries00000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries00000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries00000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/19 07:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/11 11:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/11 03:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/03/09 20:24:29 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/03/09 20:24:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 20:24:28 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 20:24:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 20:23:29 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/09 20:23:29 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/09 12:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/06 13:12:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/06 08:14:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/06 08:14:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/06 07:13:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/06 07:13:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/06 07:13:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/06 07:13:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/06 07:13:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/06 07:12:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/06 07:11:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/04 13:05:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/03/04 13:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/03/01 09:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\SureThing CD Labeler 5
[2011/02/23 11:16:51 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 11:16:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/20 13:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
[2011/02/20 10:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/02/20 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/02/19 14:58:22 | 000,000,000 | ---D | C] -- C:\Users\exotics\Favorites\Documents\Documents
[2011/02/10 16:05:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/10 16:05:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/10 16:05:58 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/10 16:05:58 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/10 16:05:58 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/10 16:05:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/10 16:05:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/10 16:05:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/10 16:05:57 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/10 16:02:24 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/10 16:02:24 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/10 15:09:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/10 15:09:27 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/10 15:03:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/10 15:03:27 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/10 15:03:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/10 15:03:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/10 15:02:12 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/10 14:59:13 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/10 14:59:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/10 14:58:11 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2009/12/06 10:36:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\exotics\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/03/11 11:46:55 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/11 11:46:55 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/11 11:39:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/11 11:39:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/11 11:39:21 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/11 11:11:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000UA.job
[2011/03/11 11:08:05 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/11 07:11:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000Core.job
[2011/03/11 06:55:30 | 000,000,917 | ---- | M] () -- C:\Program Files\Program Files - Shortcut.lnk
[2011/03/11 06:50:18 | 000,000,485 | ---- | M] () -- C:\Program Files\Expansion Drive (F) - Shortcut.lnk
[2011/03/11 06:14:24 | 000,002,244 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\Google Chrome.lnk
[2011/03/11 06:14:24 | 000,002,121 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/10 12:25:11 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/06 13:02:18 | 000,001,422 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\OTL - Shortcut.lnk
[2011/03/06 10:08:38 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/03/06 07:54:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/06 07:12:16 | 000,000,747 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\ComboFix - Shortcut.lnk
[2011/03/05 09:23:34 | 000,001,103 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\TFC - Shortcut.lnk
[2011/03/05 09:23:21 | 000,002,853 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\rkill - Shortcut.pif
[2011/03/04 13:36:37 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/03/04 13:05:56 | 000,001,130 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/04 13:05:56 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/04 12:09:24 | 000,000,842 | -HS- | M] () -- C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_.mkv
[2011/03/02 12:16:07 | 000,000,700 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\RAR Password Recovery Magic (2).lnk
[2011/03/02 06:57:27 | 000,001,173 | ---- | M] () -- C:\Users\exotics\AppData\Roaming\vso_ts_preview.xml
[2011/03/01 09:54:54 | 000,001,069 | ---- | M] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\SureThing CD Labeler Deluxe 5.lnk
[2011/03/01 09:54:54 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2011/02/26 10:47:55 | 000,000,747 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\uTorrent.lnk
[2011/02/22 10:53:11 | 001,033,469 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Villiers Collection pics.pdf
[2011/02/22 10:52:32 | 000,972,063 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Villiers Collection pics WM.pdf
[2011/02/22 10:52:05 | 000,058,454 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Villiers date file 09 (2).pdf
[2011/02/22 10:46:37 | 000,058,454 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Villiers date file 09 (1).pdf
[2011/02/22 10:43:26 | 000,101,762 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Old Villiers Dates.jpg
[2011/02/22 10:40:56 | 000,058,454 | ---- | M] () -- C:\Users\exotics\Favorites\Documents\Villiers date file 09.pdf
[2011/02/21 15:02:19 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForexotics.job
[2011/02/20 13:28:14 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2011/02/20 13:12:47 | 000,008,192 | ---- | M] () -- C:\Users\exotics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/19 15:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/19 15:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/19 07:45:07 | 000,007,598 | ---- | M] () -- C:\Users\exotics\AppData\Local\Resmon.ResmonCfg
[2011/02/11 03:21:08 | 000,510,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/03/11 06:55:30 | 000,000,917 | ---- | C] () -- C:\Program Files\Program Files - Shortcut.lnk
[2011/03/11 06:50:18 | 000,000,485 | ---- | C] () -- C:\Program Files\Expansion Drive (F) - Shortcut.lnk
[2011/03/06 13:02:18 | 000,001,422 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\OTL - Shortcut.lnk
[2011/03/06 07:13:56 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/06 07:13:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/06 07:13:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/06 07:13:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/06 07:13:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/06 07:12:16 | 000,000,747 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\ComboFix - Shortcut.lnk
[2011/03/05 09:23:34 | 000,001,103 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\TFC - Shortcut.lnk
[2011/03/05 09:23:21 | 000,002,853 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\rkill - Shortcut.pif
[2011/03/04 17:47:16 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/03/04 13:05:56 | 000,001,130 | ---- | C] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/04 13:05:56 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/04 12:07:29 | 000,000,842 | -HS- | C] () -- C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_.mkv
[2011/03/02 12:16:07 | 000,000,700 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\RAR Password Recovery Magic (2).lnk
[2011/03/01 09:54:54 | 000,001,069 | ---- | C] () -- C:\Users\exotics\Application Data\Microsoft\Internet Explorer\Quick Launch\SureThing CD Labeler Deluxe 5.lnk
[2011/03/01 09:54:54 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2011/02/26 10:47:24 | 000,000,747 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Documents\Desktop\uTorrent.lnk
[2011/02/22 10:52:05 | 000,058,454 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Villiers date file 09 (2).pdf
[2011/02/22 10:46:00 | 000,058,454 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Villiers date file 09 (1).pdf
[2011/02/22 10:45:51 | 001,033,469 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Villiers Collection pics.pdf
[2011/02/22 10:45:21 | 000,972,063 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Villiers Collection pics WM.pdf
[2011/02/22 10:43:30 | 000,101,762 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Old Villiers Dates.jpg
[2011/02/22 10:40:42 | 000,058,454 | ---- | C] () -- C:\Users\exotics\Favorites\Documents\Villiers date file 09.pdf
[2011/02/20 13:28:14 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2011/02/20 10:36:07 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/20 10:36:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/20 10:36:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/01/31 12:53:54 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/07 14:11:00 | 000,000,876 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/12/01 19:25:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010/11/04 16:13:55 | 000,164,832 | ---- | C] () -- C:\Windows\hpoins32.dat
[2010/11/04 16:13:54 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2010/10/01 20:38:43 | 000,007,598 | ---- | C] () -- C:\Users\exotics\AppData\Local\Resmon.ResmonCfg
[2010/06/17 13:15:59 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/10 13:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/05/04 21:12:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/05/04 21:06:55 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/02/01 06:11:08 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/29 10:55:30 | 000,008,192 | ---- | C] () -- C:\Users\exotics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 22:38:42 | 000,042,280 | ---- | C] () -- C:\Windows\System32\wacomwucoinst3.dll
[2010/01/10 10:37:47 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/01/02 13:18:53 | 000,077,378 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/12/18 05:50:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/16 14:44:49 | 000,019,501 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2009/12/06 10:36:33 | 000,007,887 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\pcouffin.cat
[2009/12/06 10:36:33 | 000,001,144 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\pcouffin.inf
[2009/12/05 22:15:31 | 000,001,173 | ---- | C] () -- C:\Users\exotics\AppData\Roaming\vso_ts_preview.xml
[2009/12/02 14:41:22 | 000,019,104 | ---- | C] () -- C:\Windows\hpqins13.dat
[2009/11/26 14:56:42 | 000,028,288 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 000,510,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 10:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/11 09:30:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1554.dll
[2008/11/10 14:40:42 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/10 14:40:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/08/22 10:16:00 | 000,046,456 | R--- | C] () -- C:\Windows\System32\exitwx.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 853 bytes -> C:\Users\exotics\Favorites\Documents\FW_ USAF NEW 21,000 Lb MOAB.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\exotics\Favorites\Documents\RE_ Clarifing help please.eml:OECustomProperty
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:C265C458

< End of report >

ComboFix 11-03-10.01 - exotics 11/03/2011 12:23:33.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2037.850 [GMT 10:00]
Running from: c:\users\exotics\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: Avira FireWall *Disabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 02:30 . 2011-03-11 02:30 -------- d-----w- c:\users\peter\AppData\Local\temp
2011-03-11 02:30 . 2011-03-11 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-10 17:01 . 2011-03-10 17:01 -------- d-----w- c:\program files\Microsoft
2011-03-09 10:24 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 10:24 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 10:24 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 10:24 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 10:23 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 10:23 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 10:23 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 10:12 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 10:12 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 02:03 . 2011-03-09 02:03 -------- d-----w- c:\program files\ESET
2011-03-06 03:12 . 2011-03-06 03:12 -------- d-----w- C:\_OTL
2011-03-04 07:47 . 2011-03-04 03:36 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-04 03:05 . 2011-03-04 03:05 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2011-02-28 23:54 . 2011-03-11 00:11 -------- d-----w- c:\program files\SureThing CD Labeler 5
2011-02-23 17:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 01:16 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 01:16 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-20 00:36 . 2011-02-23 07:11 -------- d-----w- c:\program files\Xvid
2011-02-20 00:36 . 2009-06-07 06:25 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-20 00:36 . 2009-06-07 06:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-20 00:36 . 2009-06-07 06:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-10 06:02 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 06:02 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 06:02 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 05:09 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 05:03 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-10 05:03 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-10 05:03 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-10 05:03 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-10 05:03 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-10 05:03 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-10 05:03 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-10 05:03 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-10 05:03 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-10 05:03 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-10 05:02 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 05:01 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 04:59 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 04:59 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 04:58 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 01:40 . 2010-06-24 01:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 07:11 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-31 02:53 . 2011-01-31 02:53 848 --sha-w- c:\programdata\KGyGaAvL.sys
2010-12-20 10:50 . 2010-01-10 12:19 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="i:\program files\BitComet\BitComet.exe" [2011-01-27 12336432]
"Google Update"="c:\users\exotics\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-05 133104]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Web Video Downloader"="i:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" [2008-11-24 3257616]
"uTorrent"="I:\uTorrent.exe" [2011-03-09 398712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-09-14 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-15 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-15 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-04 1405384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;i:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-01-29 74392]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-10-14 222720]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-10-14 148992]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-11-02 102856]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-11-02 539304]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-05-14 61440]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-03-27 2789672]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-04 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-15 20480]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-03-24 79432]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 23:03]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 23:03]
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000Core.job
- c:\users\exotics\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 12:05]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981672561-3144461617-2792349601-1000UA.job
- c:\users\exotics\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 12:05]
.
2011-02-21 c:\windows\Tasks\HPCeeScheduleForexotics.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-10 00:12]
.
2011-03-06 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/m/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cndt
IE: &D&ownload &with BitComet - i:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - i:\program files\BitComet\BitComet.exe/AddAllLink.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {466D2FE4-B72D-4E73-A0B6-2AA1D2FE6073} = 61.9.211.1 61.9.188.33
TCP: {50618A9F-04B1-41DF-8B16-A8346121F585} = 61.88.88.88
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-11 12:32:58
ComboFix-quarantined-files.txt 2011-03-11 02:32
ComboFix2.txt 2011-03-11 02:04
ComboFix3.txt 2011-03-05 22:14
.
Pre-Run: 69,576,105,984 bytes free
Post-Run: 69,525,139,456 bytes free
.
- - End Of File - - 4AB642F588DCD419B3EA1D09D6F8C5AC

#14 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 11 March 2011 - 11:39 AM

Please, check if there is an Extras.txt in the folder C:\Users\exotics\Downloads.

Move ComboFix.exe from C:\Users\exotics\Downloads to the desktop because otherwise it will be more difficult to follow the instructions.

Copy all lines in the box:
Killall::
File::
C:\ProgramData\e8436b25-94bc-4415-a1f9-6cb80571564b_.mkv
Folder::
C:\ProgramData\TEMP
DirLook::
C:\ProgramData\
c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.

#15 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 13 April 2011 - 09:49 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!



