Laggy Computer & Google Redirect


  • This topic is locked
32 replies to this topic

#1 blizzard500


    Advanced Member

  • 41 posts

Posted 05 September 2011 - 06:58 PM

Hi all, first I just wanted to say how great this site is in assisting people with computer problems. Great job!
Recently my computer has been acting up. It gets really slow after about 20 minutes or so from startup. My homepage, Google, can take a few minutes to load. At startup I sometimes get a blue screen where it reads that the disk is being checked for consistency; sometimes I skip it, sometimes I don't. Not often, but Google search will sometimes direct me to some other site too. Please help! Please find below my OTL Log, Extras Log, and HijackThis Log:

OTL logfile created on: 04/09/2011 10:24:25 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Hugo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

510.73 Mb Total Physical Memory | 203.82 Mb Available Physical Memory | 39.91% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.63 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
Drive F: | 119.05 Gb Total Space | 8.33 Gb Free Space | 6.99% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: Hugo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hugo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DoScan.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\eyabamis.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Lexmark X1100 Series\ConvDIB.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL ()
MOD - C:\WINDOWS\system32\ScsiAccess.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (WmdmPmSN) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ScsiAccess) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110902.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110902.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/28 13:45:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}: C:\Documents and Settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F} [2011/09/04 01:37:30 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Ddavunuma] C:\WINDOWS\eyabamis.dll ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Erakafazeqeqalu] C:\WINDOWS\coprgX2.dll (PCtel Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1219891777750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD0AF950-21CB-4DC0-9EB3-50820CD8D860}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hugo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hugo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/27 20:28:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 22:14:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hugo\Desktop\OTL.exe
[2011/09/04 01:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
[2011/09/03 01:57:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/01 19:53:51 | 000,000,000 | ---D | C] -- C:\found.000
[2011/08/26 18:36:56 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/05 23:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hugo\Application Data\Mael
[2011/08/05 23:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2004/06/11 01:27:12 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 22:23:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 22:14:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugo\Desktop\OTL.exe
[2011/09/04 22:00:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/04 21:32:09 | 000,004,630 | ---- | M] () -- C:\WINDOWS\uzazukoh.dll
[2011/09/04 21:31:18 | 000,004,630 | ---- | M] () -- C:\WINDOWS\ofidupay.dll
[2011/09/04 01:37:42 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xtulocozi.dat
[2011/09/04 01:37:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qbukadu.bin
[2011/09/04 01:11:02 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 00:09:15 | 000,003,832 | ---- | M] () -- C:\WINDOWS\usimijigoki.dll
[2011/09/01 19:55:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/30 23:40:25 | 000,000,940 | -HS- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 21:24:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/28 13:58:16 | 007,405,184 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Eminem & Royce Da 5'9 (Bad Meets Evil) (ft. Bruno Mars) - Lighters.mp3
[2011/08/27 17:27:08 | 004,670,935 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Pink Martini - Lilly.flv
[2011/08/26 18:36:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/25 20:40:06 | 009,759,144 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Enrique Iglesias feat Usher, Lil Wayne & Nayer - Dirty Dancer BMF.mp3
[2011/08/25 14:33:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/22 19:54:41 | 000,565,215 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Cruise Bus.jpg
[2011/08/13 16:09:56 | 000,013,442 | ---- | M] () -- C:\WINDOWS\CDPLAYER.INI
[2011/08/10 21:11:54 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 21:11:54 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 21:06:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 19:46:39 | 004,997,158 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Dev - In The Dark.mp3
[2011/08/05 22:58:40 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Hugo\Application Data\winscp.rnd
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 21:32:09 | 000,004,630 | ---- | C] () -- C:\WINDOWS\uzazukoh.dll
[2011/09/04 21:31:18 | 000,004,630 | ---- | C] () -- C:\WINDOWS\ofidupay.dll
[2011/09/04 01:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qbukadu.bin
[2011/09/04 01:37:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xtulocozi.dat
[2011/09/04 00:09:15 | 000,003,832 | ---- | C] () -- C:\WINDOWS\usimijigoki.dll
[2011/09/01 20:08:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/28 13:58:03 | 007,405,184 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Eminem & Royce Da 5'9 (Bad Meets Evil) (ft. Bruno Mars) - Lighters.mp3
[2011/08/27 17:25:04 | 004,670,935 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Pink Martini - Lilly.flv
[2011/08/25 14:40:01 | 009,759,144 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Enrique Iglesias feat Usher, Lil Wayne & Nayer - Dirty Dancer BMF.mp3
[2011/08/22 19:54:41 | 000,565,215 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Cruise Bus.jpg
[2011/08/10 19:33:16 | 004,997,158 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Dev - In The Dark.mp3
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\31e5ei4kp02673
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\31e5ei4kp02673
[2011/05/28 23:31:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348r
[2011/05/28 23:31:13 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348
[2011/05/28 23:30:07 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18669348
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bvc487bk682w74h1c31i8a
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bvc487bk682w74h1c31i8a
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\w70st7567b4372d
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2010/09/02 20:06:19 | 000,062,904 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/27 17:03:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hugo\Application Data\winscp.rnd
[2009/01/26 22:39:11 | 000,001,640 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/08/27 23:57:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/27 22:22:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/27 22:14:16 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/27 22:06:41 | 000,013,442 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2008/08/27 21:07:53 | 000,000,230 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/08/27 21:07:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/08/27 21:07:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/08/27 21:07:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2008/08/27 21:07:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2008/08/27 21:07:23 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/08/27 21:03:24 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/08/27 20:30:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/27 20:26:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/27 16:18:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/27 16:17:44 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/10 22:44:56 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2003/02/03 06:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,364,032 | ---- | C] () -- C:\WINDOWS\eyabamis.dll
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\elxsinh.dll
[2002/08/29 08:00:00 | 000,007,014 | ---- | C] () -- C:\WINDOWS\System32\wkrnte.dll
[2002/08/29 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2011/03/08 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2008/08/27 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/09 18:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/03/08 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/05/21 22:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/18 14:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/03 02:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/08 21:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Bell
[2009/10/17 19:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\ImTOO Software Studio
[2011/08/05 23:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Mael
[2009/06/09 18:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\PACE Anti-Piracy
[2009/01/01 03:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Red Kawa
[2010/05/14 03:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\runic games
[2009/10/17 19:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1230 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DS2NzVZqpNPAHxd68DRVDM6DoA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1080 bytes -> C:\Documents and Settings\Hugo\Cookies:XxeH6lcXPDqmavuoIkPqR
@Alternate Data Stream - 1076 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dEltvfysc8HrlHB9aJ2WUVev

< End of report >


Extras Log


OTL Extras logfile created on: 04/09/2011 10:24:25 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Hugo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

510.73 Mb Total Physical Memory | 203.82 Mb Available Physical Memory | 39.91% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.63 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
Drive F: | 119.05 Gb Total Space | 8.33 Gb Free Space | 6.99% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: Hugo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [!ezcddaxa] -- "C:\Program Files\Easy CD-DA Extractor 9\convert.exe" "%1" ()
Directory [!ezcddaxb] -- "C:\Program Files\Easy CD-DA Extractor 9\burn.exe" "%1" ()
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- ()
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010BA688-705F-4024-92C1-053EAA13A498}" = Mirar
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}" = HLPIndex
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ECC69E86-3B0E-4010-AA37-414C5D71B7B9}" = RPS CRT
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"Easy CD-DA Extractor 9.0.1" = Easy CD-DA Extractor 9.0.1
"EOS Utility" = Canon Utilities EOS Utility
"FlashGet" = FlashGet 1.9.0.1012
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark X1100 Series" = Lexmark X1100 Series
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Videora iPod Converter" = Videora iPod Converter 4.04
"VLC media player" = VLC media player 0.9.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 1.01
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/09/2011 11:58:30 PM | Computer Name = FAMILYCOMPUTER | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Hacktool.Proxy in File: C:\WINDOWS\temp\hcdoyy\setup.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 02/09/2011 11:04:36 PM | Computer Name = FAMILYCOMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.3XE (PID 2160) Time: September 2, 2011 11:04:36 PM

Error - 02/09/2011 11:04:36 PM | Computer Name = FAMILYCOMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 2980) Time: September 2, 2011 11:04:36
PM

Error - 03/09/2011 1:56:02 AM | Computer Name = FAMILYCOMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.3XE (PID 4036) Time: September 3, 2011 1:56:02 AM

Error - 03/09/2011 1:56:02 AM | Computer Name = FAMILYCOMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 608) Time: September 3, 2011 1:56:02
AM

Error - 04/09/2011 1:33:10 AM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.19098, fault address 0x0010d71a.

Error - 04/09/2011 9:31:38 PM | Computer Name = FAMILYCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module eyabamis.dll, version 0.0.0.0, fault address 0x000238eb.

Error - 04/09/2011 10:07:05 PM | Computer Name = FAMILYCOMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\WINDOWS\system32\taskmgr.exe (PID 2976) Time: September 4, 2011 10:07:05 PM

Error - 04/09/2011 10:07:28 PM | Computer Name = FAMILYCOMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 2976) Time: September 4, 2011 10:07:28
PM

Error - 04/09/2011 10:07:50 PM | Computer Name = FAMILYCOMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\WINDOWS\system32\taskmgr.exe (PID 2976) Time: September 4, 2011 10:07:50 PM

[ System Events ]
Error - 04/09/2011 9:30:26 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 04/09/2011 9:30:26 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 04/09/2011 9:30:26 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 04/09/2011 9:47:55 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 04/09/2011 9:47:55 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 04/09/2011 9:47:55 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 04/09/2011 10:06:44 PM | Computer Name = FAMILYCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 04/09/2011 10:23:28 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 04/09/2011 10:23:28 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 04/09/2011 10:23:28 PM | Computer Name = FAMILYCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.


< End of report >


HiJackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:37 AM, on 04/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ddavunuma] rundll32.exe "C:\WINDOWS\eyabamis.dll",Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Erakafazeqeqalu] rundll32.exe "C:\WINDOWS\coprgX2.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1219891777750
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8781 bytes


Thanks!

#2 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 07 September 2011 - 11:00 AM

Hi blizzard500,

How old is the Symantec antivirus, which version?

Upload these files to http://www.virustotal.com/ using the "Upload a file" function and post back the links to the scan reports:
C:\WINDOWS\eyabamis.dll
C:\WINDOWS\coprgX2.dll
C:\WINDOWS\uzazukoh.dll
C:\WINDOWS\ofidupay.dll
C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\WINDOWS\usimijigoki.dll
C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
C:\Documents and Settings\All Users\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67

Please, let Symantec antivirus program scan the whole computer and post the scan result.

At startup sometimes I get a blue screen where it reads the disk is checking for consistency-sometimes I skip, sometimes I don't.

Note, that it might be due to a faulty hard disk. It is very important that you have backups of all your important files.

#3 blizzard500

blizzard500

    Advanced Member

  • Members
  • 41 posts

Posted 07 September 2011 - 10:07 PM

Thanks for your reply CeciliaB!

I am using Symantec Antivirus 2006. I know it's rather old, but it does get updates regularly. Please find below the scan reports for the files uploaded to http://www.virustotal.com:

http://www.virustota...15bf-1315422295
http://www.virustota...6b22-1315422480
http://www.virustota...46b9-1315422609
http://www.virustota...46b9-1315422693
http://www.virustota...5ac2-1315422318
http://www.virustota...05b0-1315422471
http://www.virustota...40c8-1315422584
http://www.virustota...f21a-1315422693


Here is the result after a full scan of my computer using Symantec Antivirus:

(I don't see a scan result log option so I'm going to just type them out)

Trojan.Malscript!html (2 Count)
Quarantined -
Filename: get[1].htm
Location: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2N21LBNI\
Infected - Quarantined Successfully

Trojan.Gen (2 Count)
Quarantined -
Filename: KB9992843.exe
Location: C:\Documents and Settings\Hugo\Application Data\Adobe\plugs\
Infected - Quarantined Successfully

Thank you and I look forward to your reply!

#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 07 September 2011 - 11:08 PM

You are welcome :)

Even if you still get updates to Symantec's virus database, it is recommended that you upgrade to the latest version of the antivirus program since with every new version, usually once a year, new functions are added to handle the latest types of threats. An antivirus program from 2006 doesn't have functions to handle rootkit infections, which are very common today (but were very rare in 2006). Do not update or change antivirus program while the computer is infected.

I cannot see that you have Ad-Aware installed. Please, install the latest version and scan the computer. Paste the log and a new OTL.txt.
http://www.lavasoft...._aware_free.php

#5 blizzard500

blizzard500

    Advanced Member

  • Members
  • 41 posts

Posted 08 September 2011 - 05:20 PM

Thanks CeciliaB,

As per your request, please find below the scanned log by Ad-Aware and the new OTL log:

(Please note: I chose the full scan option using Ad-Aware and the time elapsed was more than 4 hours so I chose to end it. I'm not sure if smart scan would've been a better option.)

After the scan, when I reboot my computer I get the two errors:

Error loading C:\windows\coprgx2.dll the specified module could not be found
Error loading C:\windows\eyabamis.dll the specified module could not be found

Logfile created: 07/09/2011 18:50:03
Ad-Aware version: 9.5.1
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Hugo

*********************** Definitions database information ***********************
Lavasoft definition file: 150.563
Genotype definition file version: 2011/09/01 12:38:06
Extended engine definition file: 10398.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 106574
Objects detected: 6


Type Detected
==========================
Processes.......: 2
Registry entries: 0
Hostfile entries: 0
Files...........: 4
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Quarantined items:
Description: c:\windows\eyabamis.dll Family Name: Win32.TrojanDownloader.Mufanom/A Engine: 1 Clean status: Reboot required Item ID: 0 Family ID: 0
Description: c:\windows\coprgx2.dll Family Name: Trojan.Win32.Cimag.gk (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c70a0b229d11ced0cfe48eefcc4a0215
Description: c:\documents and settings\hugo\local settings\temp\owxeancsmr.exe Family Name: Trojan.Win32.Cimag.gk (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: e9b808676c900269827171ddd78530bf
Description: c:\windows\coprgx2.dll Family Name: Trojan.Win32.Cimag.gk (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c70a0b229d11ced0cfe48eefcc4a0215
Description: c:\documents and settings\hugo\local settings\application data\{9426bdac-7e78-410a-9ad2-20b8087ea45f}\chrome\content\overlay.xul Family Name: Trojan.JS.Redirector.cd (v) Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 791154946d60210e437bcf2d692ab6c8
Description: c:\documents and settings\hugo\local settings\temp\av-test.txt Family Name: EICAR (v) Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 1195b64d237f57e6289d3cd105228d93

Scan and cleaning complete: Stopped by request after 15911 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,F:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Wed Sep 07 18:45:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Wed Sep 07 00:45:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Wed Sep 07 06:45:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Wed Sep 07 12:45:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Sep 07 18:45:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: FAMILYCOMPUTER
Processor name: Intel® Pentium® 4 CPU 3.00GHz
Processor identifier: x86 Family 15 Model 2 Stepping 9
Processor speed: ~2992MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 521, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 63021056 bytes
Physical memory total: 535535616 bytes
Virtual memory available: 1899487232 bytes
Virtual memory total: 2147352576 bytes
Memory load: 88%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 624 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 672 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 696 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 744 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 756 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 920 name: C:\WINDOWS\System32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 940 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1020 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1064 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1184 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1212 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1244 name: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1356 name: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1580 name: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1684 name: C:\WINDOWS\system32\LEXBCES.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1744 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1764 name: C:\WINDOWS\system32\LEXPPS.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1940 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 124 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 212 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 252 name: C:\Program Files\Symantec AntiVirus\DefWatch.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 320 name: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 328 name: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 336 name: C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 368 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 380 name: C:\Program Files\Common Files\Symantec Shared\ccApp.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 400 name: C:\PROGRA~1\SYMANT~1\VPTray.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 476 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 496 name: C:\Program Files\QuickTime\QTTask.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 512 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 520 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 576 name: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe owner: Hugo domain: FAMILYCOMPUTER
PID: 644 name: C:\WINDOWS\system32\ctfmon.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 668 name: C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 108 name: C:\WINDOWS\system32\rundll32.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 1148 name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1320 name: C:\WINDOWS\system32\ScsiAccess.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 2140 name: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2248 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2360 name: C:\Program Files\Symantec AntiVirus\Rtvscan.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 2616 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3052 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3188 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3540 name: C:\WINDOWS\explorer.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 3656 name: C:\Program Files\internet explorer\iexplore.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 3976 name: C:\Program Files\internet explorer\iexplore.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2300 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3524 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2428 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2456 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 936 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3104 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Hugo domain: FAMILYCOMPUTER

Startup items:
Name: IMJPMIG8.1
imagepath: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Name: PHIME2002ASync
imagepath: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Name: PHIME2002A
imagepath: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Name: SoundMAXPnP
imagepath: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
Name: ATIPTA
imagepath: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Name: Lexmark X1100 Series
imagepath: "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
Name: NeroCheck
imagepath: C:\WINDOWS\system32\\NeroCheck.exe
Name: TkBellExe
imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Name: ccApp
imagepath: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Name: vptray
imagepath: C:\PROGRA~1\SYMANT~1\VPTray.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Name: Ddavunuma
imagepath: rundll32.exe "C:\WINDOWS\eyabamis.dll",Startup
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: CTFMON.EXE
imagepath: C:\WINDOWS\System32\CTFMON.EXE
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: Ati HotKey Poller
displayname: Ati HotKey Poller
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: CCALib8
displayname: Canon Camera Access Library 8
Name: ccEvtMgr
displayname: Symantec Event Manager
Name: ccSetMgr
displayname: Symantec Settings Manager
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: DefWatch
displayname: Symantec AntiVirus Definition Watcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: iPod Service
displayname: iPod Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: LexBceS
displayname: LexBce Server
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MDM
displayname: Machine Debug Manager
Name: MSIServer
displayname: Windows Installer
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: ScsiAccess
displayname: ScsiAccess
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: SoundMAX Agent Service (default)
displayname: SoundMAX Agent Service
Name: SPBBCSvc
displayname: Symantec SPBBCSvc
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: Symantec AntiVirus
displayname: Symantec AntiVirus
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: upnphost
displayname: Universal Plug and Play Device Host
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service


OTL Log:

OTL logfile created on: 07/09/2011 11:59:05 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Hugo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

510.73 Mb Total Physical Memory | 165.02 Mb Available Physical Memory | 32.31% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.97% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.40 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
Drive F: | 119.05 Gb Total Space | 8.73 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: Hugo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Documents and Settings\Hugo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DoScan.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Lexmark X1100 Series\ConvDIB.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL ()
MOD - C:\WINDOWS\system32\ScsiAccess.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (WmdmPmSN) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ScsiAccess) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110907.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110907.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/28 13:45:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}: C:\Documents and Settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F} [2011/09/04 01:37:30 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Ddavunuma] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Erakafazeqeqalu] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1219891777750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD0AF950-21CB-4DC0-9EB3-50820CD8D860}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hugo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hugo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/27 20:28:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 23:59:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/09/07 18:48:48 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/07 18:45:01 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/09/07 18:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/07 18:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/09/07 18:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/05 13:46:44 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/09/04 22:14:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hugo\Desktop\OTL.exe
[2011/09/04 01:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
[2011/09/03 01:57:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/01 19:53:51 | 000,000,000 | ---D | C] -- C:\found.000
[2011/08/26 18:36:56 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2004/06/11 01:27:12 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 00:09:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/07 23:58:12 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/07 23:57:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/07 18:48:47 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/07 18:48:46 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/07 18:45:07 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/07 17:41:22 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 16:47:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qbukadu.bin
[2011/09/07 16:47:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xtulocozi.dat
[2011/09/06 14:11:53 | 000,004,630 | ---- | M] () -- C:\WINDOWS\ulopumamajux.dll
[2011/09/05 23:50:30 | 000,004,630 | ---- | M] () -- C:\WINDOWS\oyutuxunakamika.dll
[2011/09/04 22:14:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugo\Desktop\OTL.exe
[2011/09/04 21:32:09 | 000,004,630 | ---- | M] () -- C:\WINDOWS\uzazukoh.dll
[2011/09/04 21:31:18 | 000,004,630 | ---- | M] () -- C:\WINDOWS\ofidupay.dll
[2011/09/04 00:09:15 | 000,003,832 | ---- | M] () -- C:\WINDOWS\usimijigoki.dll
[2011/09/01 19:55:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/30 23:40:25 | 000,000,940 | -HS- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 21:24:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/28 13:58:16 | 007,405,184 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Eminem & Royce Da 5'9 (Bad Meets Evil) (ft. Bruno Mars) - Lighters.mp3
[2011/08/27 17:27:08 | 004,670,935 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Pink Martini - Lilly.flv
[2011/08/26 18:36:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/25 20:40:06 | 009,759,144 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Enrique Iglesias feat Usher, Lil Wayne & Nayer - Dirty Dancer BMF.mp3
[2011/08/25 14:33:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/22 19:54:41 | 000,565,215 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Cruise Bus.jpg
[2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/13 16:09:56 | 000,013,442 | ---- | M] () -- C:\WINDOWS\CDPLAYER.INI
[2011/08/10 21:11:54 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 21:11:54 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 21:06:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 19:46:39 | 004,997,158 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Dev - In The Dark.mp3
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 23:22:54 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/07 18:45:19 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/07 18:45:07 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/06 14:11:53 | 000,004,630 | ---- | C] () -- C:\WINDOWS\ulopumamajux.dll
[2011/09/05 23:50:30 | 000,004,630 | ---- | C] () -- C:\WINDOWS\oyutuxunakamika.dll
[2011/09/04 21:32:09 | 000,004,630 | ---- | C] () -- C:\WINDOWS\uzazukoh.dll
[2011/09/04 21:31:18 | 000,004,630 | ---- | C] () -- C:\WINDOWS\ofidupay.dll
[2011/09/04 01:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qbukadu.bin
[2011/09/04 01:37:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xtulocozi.dat
[2011/09/04 00:09:15 | 000,003,832 | ---- | C] () -- C:\WINDOWS\usimijigoki.dll
[2011/09/01 20:08:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/28 13:58:03 | 007,405,184 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Eminem & Royce Da 5'9 (Bad Meets Evil) (ft. Bruno Mars) - Lighters.mp3
[2011/08/27 17:25:04 | 004,670,935 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Pink Martini - Lilly.flv
[2011/08/25 14:40:01 | 009,759,144 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Enrique Iglesias feat Usher, Lil Wayne & Nayer - Dirty Dancer BMF.mp3
[2011/08/22 19:54:41 | 000,565,215 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Cruise Bus.jpg
[2011/08/10 19:33:16 | 004,997,158 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Dev - In The Dark.mp3
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\31e5ei4kp02673
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\31e5ei4kp02673
[2011/05/28 23:31:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348r
[2011/05/28 23:31:13 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348
[2011/05/28 23:30:07 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18669348
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bvc487bk682w74h1c31i8a
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bvc487bk682w74h1c31i8a
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\w70st7567b4372d
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2010/09/02 20:06:19 | 000,062,904 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/27 17:03:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hugo\Application Data\winscp.rnd
[2009/01/26 22:39:11 | 000,001,640 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/08/27 23:57:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/27 22:22:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/27 22:14:16 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/27 22:06:41 | 000,013,442 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2008/08/27 21:07:53 | 000,000,230 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/08/27 21:07:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/08/27 21:07:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/08/27 21:07:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2008/08/27 21:07:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2008/08/27 21:07:23 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/08/27 21:03:24 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/08/27 20:30:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/27 20:26:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/27 16:18:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/27 16:17:44 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/10 22:44:56 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2003/02/03 06:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\elxsinh.dll
[2002/08/29 08:00:00 | 000,007,014 | ---- | C] () -- C:\WINDOWS\System32\wkrnte.dll
[2002/08/29 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2011/03/08 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2008/08/27 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/09 18:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/03/08 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/05/21 22:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/18 14:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/03 02:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/08 21:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Bell
[2009/10/17 19:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\ImTOO Software Studio
[2011/08/05 23:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Mael
[2009/06/09 18:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\PACE Anti-Piracy
[2009/01/01 03:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Red Kawa
[2010/05/14 03:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\runic games
[2009/10/17 19:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Xilisoft Corporation
[2011/09/07 23:58:12 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1230 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DS2NzVZqpNPAHxd68DRVDM6DoA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1080 bytes -> C:\Documents and Settings\Hugo\Cookies:XxeH6lcXPDqmavuoIkPqR
@Alternate Data Stream - 1076 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dEltvfysc8HrlHB9aJ2WUVev

< End of report >

Thank you and I look forward to your reply!

#6 CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 08 September 2011 - 06:16 PM

You are welcome! :)

Good, Ad-Aware removed several bad files. If you cannot let it do a full scan during a night, please do a smart scan. A smart scan checks less but is better than half of a full scan.
The messages during the start of Windows are normal at the moment and will be fixed later.

Please, follow the instructions on http://www.bleepingc...to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

#7 blizzard500

    Advanced Member

  • Members
  • 41 posts

Posted 09 September 2011 - 12:08 AM

Thanks for the pointers!

So I decided to scan my computer with Ad-Aware with the smart scan option and have also downloaded ComboFix and scanned my computer as well. Please find below the logs:

Logfile created: 08/09/2011 16:46:18
Ad-Aware version: 9.5.1
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Hugo

*********************** Definitions database information ***********************
Lavasoft definition file: 150.563
Genotype definition file version: 2011/09/01 12:38:06
Extended engine definition file: 10398.0

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 53498
Objects detected: 67


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 67
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *searchportal.information* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409134 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *mediaplex* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408991 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
Description: *247realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408945 Family ID: 0
Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0
Description: *bravenet* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409013 Family ID: 0
Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0
Description: *clickbank* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408890 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0
Description: *pro-market* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408823 Family ID: 0
Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0
Description: *clickz* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408888 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0
Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0
Description: *tacoda* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409123 Family ID: 0
Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0
Description: *casalemedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409152 Family ID: 0
Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
Description: *gator* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408861 Family ID: 0
Description: *.lycos* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408930 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *rotator.adjuggler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409135 Family ID: 0
Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *engage* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409004 Family ID: 0
Description: *gamers* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409301 Family ID: 0
Description: *casalemedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409152 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *mediaplex* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408991 Family ID: 0
Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
Description: *adlegend* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409170 Family ID: 0
Description: *gamers* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409301 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *adultfriendfinder* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409164 Family ID: 0
Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *clickbank* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408890 Family ID: 0
Description: *omniture* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408835 Family ID: 0
Description: *.stats.esomniture* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409181 Family ID: 0
Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0
Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
Description: *pro-market* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408823 Family ID: 0
Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0
Description: *tacoda* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409123 Family ID: 0
Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0
Description: www.new* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409109 Family ID: 0

Scan and cleaning complete: Finished correctly after 1864 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Wed Sep 07 18:45:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Wed Sep 07 00:45:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Wed Sep 07 06:45:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Wed Sep 07 12:45:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Sep 07 18:45:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: FAMILYCOMPUTER
Processor name: Intel® Pentium® 4 CPU 3.00GHz
Processor identifier: x86 Family 15 Model 2 Stepping 9
Processor speed: ~2992MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 521, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 10158080 bytes
Physical memory total: 535535616 bytes
Virtual memory available: 1929801728 bytes
Virtual memory total: 2147352576 bytes
Memory load: 98%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 644 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 700 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 724 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 772 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 784 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 952 name: C:\WINDOWS\System32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 972 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1068 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1140 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1272 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1332 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1376 name: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1460 name: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1532 name: C:\WINDOWS\Explorer.EXE owner: Hugo domain: FAMILYCOMPUTER
PID: 1676 name: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1696 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1840 name: C:\WINDOWS\system32\LEXBCES.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1880 name: C:\WINDOWS\system32\LEXPPS.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1884 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2012 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 140 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 224 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 252 name: C:\Program Files\Symantec AntiVirus\DefWatch.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 444 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 484 name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 540 name: C:\WINDOWS\system32\ScsiAccess.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 664 name: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1000 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1244 name: C:\Program Files\Symantec AntiVirus\Rtvscan.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1424 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1488 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2240 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2300 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2376 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2716 name: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2724 name: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2732 name: C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2748 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2756 name: C:\Program Files\Common Files\Symantec Shared\ccApp.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 2764 name: C:\PROGRA~1\SYMANT~1\VPTray.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 2840 name: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2848 name: C:\Program Files\QuickTime\QTTask.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2856 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2864 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2880 name: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2896 name: C:\WINDOWS\system32\ctfmon.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 2996 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 3016 name: C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe owner: Hugo domain: FAMILYCOMPUTER
PID: 3120 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 3436 name: C:\Program Files\Symantec AntiVirus\DoScan.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 3484 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3760 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Hugo domain: FAMILYCOMPUTER

Startup items:
Name: IMJPMIG8.1
imagepath: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Name: PHIME2002ASync
imagepath: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Name: PHIME2002A
imagepath: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Name: SoundMAXPnP
imagepath: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
Name: ATIPTA
imagepath: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Name: Lexmark X1100 Series
imagepath: "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
Name: NeroCheck
imagepath: C:\WINDOWS\system32\\NeroCheck.exe
Name: TkBellExe
imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Name: ccApp
imagepath: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Name: vptray
imagepath: C:\PROGRA~1\SYMANT~1\VPTray.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Name: Ddavunuma
imagepath: rundll32.exe "C:\WINDOWS\eyabamis.dll",Startup
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: CTFMON.EXE
imagepath: C:\WINDOWS\System32\CTFMON.EXE
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: Ati HotKey Poller
displayname: Ati HotKey Poller
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: CCALib8
displayname: Canon Camera Access Library 8
Name: ccEvtMgr
displayname: Symantec Event Manager
Name: ccSetMgr
displayname: Symantec Settings Manager
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: DefWatch
displayname: Symantec AntiVirus Definition Watcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: iPod Service
displayname: iPod Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LexBceS
displayname: LexBce Server
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MDM
displayname: Machine Debug Manager
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: ScsiAccess
displayname: ScsiAccess
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: SoundMAX Agent Service (default)
displayname: SoundMAX Agent Service
Name: SPBBCSvc
displayname: Symantec SPBBCSvc
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: Symantec AntiVirus
displayname: Symantec AntiVirus
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration


ComboFix Log:


ComboFix 11-09-08.03 - Hugo 08/09/2011 18:38:47.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.511.231 [GMT -4:00]
Running from: c:\documents and settings\Hugo\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hugo\Application Data\Adobe\plugs
c:\documents and settings\Hugo\Application Data\Adobe\plugs\KB9992984.exe
c:\documents and settings\Hugo\Application Data\Adobe\shed
c:\windows\ofidupay.dll
c:\windows\oyutuxunakamika.dll
c:\windows\ulopumamajux.dll
c:\windows\usimijigoki.dll
c:\windows\uzazukoh.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
.
.
2011-09-08 03:22 . 2011-09-07 22:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-07 22:48 . 2011-09-07 22:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-07 22:45 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\program files\Lavasoft
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-05 17:46 . 2011-09-05 17:46 -------- d-----w- C:\found.001
2011-09-04 05:37 . 2011-09-07 20:47 0 ----a-w- c:\windows\Qbukadu.bin
2011-09-04 05:37 . 2011-09-04 05:37 -------- d-----w- c:\documents and settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
2011-09-01 23:53 . 2011-09-01 23:53 -------- d-----w- C:\found.000
2011-08-26 22:36 . 2011-08-26 22:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-28 00:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-28 01:56 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-28 185896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/09/2011 6:45 PM 64512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02/09/2011 2:26 PM 105592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 3:25 PM 2151640]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 9:33 PM 116464]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 22:48]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Erakafazeqeqalu - c:\windows\coprgX2.dll
HKLM-Run-Ddavunuma - c:\windows\eyabamis.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-08 18:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-00EVA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F4231B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\WININET.dll
.
Completion time: 2011-09-08 19:04:03
ComboFix-quarantined-files.txt 2011-09-08 23:03
.
Pre-Run: 6,656,872,448 bytes free
Post-Run: 7,151,898,624 bytes free
.
- - End Of File - - E2F4942627D690B1513EEAA64DC0F6C4

Thanks Again
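An added example, not part of blizzard500's post and not code from OTL or ComboFix: a Python script that applies two of the checks a helper makes when reading logs like the ones above, run against constructed samples in the same layout. The first pairs OTL `Name:`/`imagepath:` lines and flags autoruns whose binary (or, for a rundll32 entry, the DLL it loads) sits directly in the Windows root or outside the usual program directories; the `Ddavunuma` entry above, `rundll32.exe "C:\WINDOWS\eyabamis.dll",Startup`, is the kind of entry it catches, while CLSID-only entries are skipped because they resolve through HKCR\CLSID rather than a path. The second reads a ComboFix-style REGEDIT4 dump and reports non-zero Security Center override values, which tell Security Center to stop alerting about antivirus state; the log above shows `AntiVirusOverride` and `DisableMonitoring` set to 1. Some AV installers set these themselves, so the finding is something to confirm, not proof of tampering. The trusted-directory list and the regexes are assumptions tuned to an XP layout.

```python
import re
from typing import List, Tuple

# Constructed sample in OTL's "Startup items" layout (Name:/imagepath: pairs);
# the entries mirror ones from the log above, including the rundll32 loader.
SAMPLE_STARTUP = r"""
Startup items:
Name: SoundMAXPnP
imagepath: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
Name: vptray
imagepath: C:\PROGRA~1\SYMANT~1\VPTray.exe
Name: ccApp
imagepath: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Name: NeroCheck
imagepath: C:\WINDOWS\system32\\NeroCheck.exe
Name: Ddavunuma
imagepath: rundll32.exe "C:\WINDOWS\eyabamis.dll",Startup
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
"""

# Constructed sample in ComboFix's REGEDIT4-style "Reg Loading Points" layout.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

ENTRY_RE = re.compile(r"^(Name|imagepath):\s*(.*)$")
# rundll32.exe "C:\path\x.dll",EntryPoint  ->  capture the DLL path
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.IGNORECASE)
# A PE sitting directly in the Windows root rather than in a system subfolder
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:exe|dll)$", re.IGNORECASE)
# Directories a normal autorun on an XP box lives under (assumed list, lower-case)
TRUSTED_DIRS = ("\\windows\\system32\\", "\\windows\\ime\\",
                "\\program files\\", "\\progra~1\\")


def parse_startup_items(text: str) -> List[Tuple[str, str]]:
    """Pair each 'Name:' line with the 'imagepath:' line that follows it."""
    items: List[Tuple[str, str]] = []
    name = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Name":
            name = value
        elif name is not None:
            items.append((name, value))
            name = None
    return items


def classify(image: str) -> List[str]:
    """Reasons an autorun image deserves a closer look (empty list if none)."""
    img = image.strip()
    if img.startswith("{"):
        return []  # CLSID entry (ShellServiceObjectDelayLoad); resolve via HKCR\CLSID
    m = RUNDLL_RE.match(img)
    target = (m.group(1) if m else img).strip('"')
    what = "rundll32-loaded DLL" if m else "image"
    if WINROOT_RE.match(target):
        return [f"{what} sits directly in the Windows root: {target}"]
    if not any(d in target.lower() for d in TRUSTED_DIRS):
        return [f"{what} outside system32/IME/Program Files: {target}"]
    return []


def scan_startup(text: str) -> List[Tuple[str, str]]:
    """(name, reason) for every startup item that trips a location heuristic."""
    return [(name, reason)
            for name, image in parse_startup_items(text)
            for reason in classify(image)]


KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Security Center values that silence the "no antivirus / no firewall" alerts
OVERRIDE_VALUES = {"antivirusoverride", "firewalloverride",
                   "updatesoverride", "disablemonitoring"}


def security_center_overrides(text: str) -> List[Tuple[str, str]]:
    """(value name, key) for every non-zero Security Center override in a REGEDIT4 dump."""
    findings: List[Tuple[str, str]] = []
    key = ""
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = DWORD_RE.match(line)
        if (v and "security center" in key.lower()
                and v.group(1).lower() in OVERRIDE_VALUES
                and int(v.group(2), 16) != 0):
            findings.append((v.group(1), key))
    return findings
```

Running `scan_startup(SAMPLE_STARTUP)` reports only `Ddavunuma`; the Symantec, SoundMAX and Nero entries pass because they live under the trusted directories (note that `system32\\NeroCheck.exe` with its doubled backslash still matches), and `security_center_overrides(SAMPLE_REG)` returns both override values. Whether the flagged DLL is actually malicious still needs the file itself checked; the heuristic only tells you where to look first.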

#8 CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 09 September 2011 - 05:58 PM

Save TDSSKiller on the Desktop:
http://support.kaspe.../tdsskiller.zip

Right-click and select Extract all. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.

Click on Start Scan.

If any threats are found select Cure and click Continue. If Cure isn't available select Skip. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

Restart the computer and run ComboFix in the same way as before. Post that log, too.
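An added example, not part of CeciliaB's instructions and not code from Kaspersky's tool: a small Python parser for the TDSSKiller log the reply asks for. It pulls out every object the scan reports with `- detected`, the `User select action` recorded for it, and whether the log says the cure is pending a reboot, so a reader can confirm that Cure (not Skip, Quarantine or Delete) was chosen before posting. The sample lines are constructed to match the 2.5.x log layout, and the regular expressions are assumptions based on that layout.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in TDSSKiller 2.5 log layout, modelled on what a run
# prints when it finds a bootkit in the MBR and the user picks Cure.
SAMPLE_LOG = r"""
2011/05/29 00:44:49.0656 1296 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/05/29 00:44:49.0703 1296 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/29 00:44:49.0734 1296 Scan finished
2011/05/29 00:44:49.0796 1288 Detected object count: 1
2011/05/29 00:45:09.0921 1288 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/29 00:45:09.0921 1288 \Device\Harddisk0\DR0 - ok
2011/05/29 00:45:09.0921 1288 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Same layout, constructed to show a run where Skip was chosen instead.
SAMPLE_LOG_SKIPPED = r"""
2011/05/29 00:44:49.0703 1296 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/29 00:45:09.0921 1288 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Skip
"""

# "<date> <time> <thread id> <message>"
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \((?P<level>\d+)\)$")
CURE_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>\S+)\) - will be cured after reboot$")
ACTION_RE = re.compile(
    r"^(?P<threat>[^(\s]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Detection:
    obj: str
    threat: str
    action: str = "none"          # Cure / Skip / Quarantine / Delete, or none logged
    cure_pending_reboot: bool = False


def parse_tdsskiller(text: str) -> Dict[str, Detection]:
    """Collect every detected object and what the user did about it."""
    found: Dict[str, Detection] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        d = DETECT_RE.match(msg)
        if d:
            found[d["obj"]] = Detection(d["obj"], d["threat"])
            continue
        c = CURE_RE.match(msg)
        if c and c["obj"] in found:
            found[c["obj"]].cure_pending_reboot = True
            continue
        a = ACTION_RE.match(msg)
        if a and a["obj"] in found:
            found[a["obj"]].action = a["action"]
    return found


def needs_attention(found: Dict[str, Detection]) -> List[str]:
    """Detections not handled with Cure. Skip leaves the object in place;
    Quarantine or Delete on a boot sector or a patched system driver can leave
    the machine unbootable, which is why the instructions say Cure only."""
    return [f"{d.obj}: action {d.action} for {d.threat}; rerun TDSSKiller and choose Cure"
            for d in found.values() if d.action != "Cure"]


def reboot_required(found: Dict[str, Detection]) -> bool:
    """True when the log says at least one cure only takes effect after a restart."""
    return any(d.cure_pending_reboot for d in found.values())
```

For `SAMPLE_LOG` the parser returns one detection, `\Device\Harddisk0\DR0` with `Rootkit.Win32.TDSS.tdl4`, action `Cure` and a reboot pending, so `needs_attention` is empty; for `SAMPLE_LOG_SKIPPED` it reports the object as still needing a Cure run. A log with no `- detected` line at all yields an empty dictionary, which is the "nothing found" case the follow-up ComboFix run is then meant to confirm.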

#9 blizzard500

    Advanced Member

  • Members
  • 41 posts

Posted 09 September 2011 - 08:16 PM

Thanks, here are the logs:

TDSSKiller.2.5.3.0_29.05.2011_00.43.44_log.txt

2011/05/29 00:43:44.0500 1028 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 00:43:44.0968 1028 ================================================================================
2011/05/29 00:43:44.0968 1028 SystemInfo:
2011/05/29 00:43:44.0968 1028
2011/05/29 00:43:44.0968 1028 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/29 00:43:44.0968 1028 Product type: Workstation
2011/05/29 00:43:44.0968 1028 ComputerName: FAMILYCOMPUTER
2011/05/29 00:43:44.0968 1028 UserName: Hugo
2011/05/29 00:43:44.0968 1028 Windows directory: C:\WINDOWS
2011/05/29 00:43:44.0968 1028 System windows directory: C:\WINDOWS
2011/05/29 00:43:44.0968 1028 Processor architecture: Intel x86
2011/05/29 00:43:44.0968 1028 Number of processors: 2
2011/05/29 00:43:44.0968 1028 Page size: 0x1000
2011/05/29 00:43:44.0968 1028 Boot type: Safe boot with network
2011/05/29 00:43:44.0968 1028 ================================================================================
2011/05/29 00:43:47.0015 1028 Initialize success
2011/05/29 00:44:00.0093 1064 Deinitialize success


TDSSKiller.2.5.3.0_29.05.2011_00.44.17_log.txt

2011/05/29 00:44:17.0281 1216 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 00:44:17.0609 1216 ================================================================================
2011/05/29 00:44:17.0609 1216 SystemInfo:
2011/05/29 00:44:17.0609 1216
2011/05/29 00:44:17.0609 1216 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/29 00:44:17.0609 1216 Product type: Workstation
2011/05/29 00:44:17.0609 1216 ComputerName: FAMILYCOMPUTER
2011/05/29 00:44:17.0609 1216 UserName: Hugo
2011/05/29 00:44:17.0609 1216 Windows directory: C:\WINDOWS
2011/05/29 00:44:17.0609 1216 System windows directory: C:\WINDOWS
2011/05/29 00:44:17.0609 1216 Processor architecture: Intel x86
2011/05/29 00:44:17.0609 1216 Number of processors: 2
2011/05/29 00:44:17.0609 1216 Page size: 0x1000
2011/05/29 00:44:17.0609 1216 Boot type: Safe boot with network
2011/05/29 00:44:17.0609 1216 ================================================================================
2011/05/29 00:44:18.0734 1216 Initialize success
2011/05/29 00:44:24.0937 1296 ================================================================================
2011/05/29 00:44:24.0937 1296 Scan started
2011/05/29 00:44:24.0937 1296 Mode: Manual;
2011/05/29 00:44:24.0937 1296 ================================================================================
2011/05/29 00:44:26.0218 1296 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/29 00:44:26.0312 1296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/29 00:44:26.0500 1296 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/29 00:44:26.0593 1296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/29 00:44:26.0703 1296 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/29 00:44:26.0812 1296 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/29 00:44:27.0734 1296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/29 00:44:27.0812 1296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/29 00:44:28.0093 1296 ati2mtag (5e3603e9fba29e01f5ffc108276b3005) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/29 00:44:28.0218 1296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/29 00:44:28.0343 1296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/29 00:44:28.0468 1296 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2011/05/29 00:44:28.0593 1296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/29 00:44:28.0796 1296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/29 00:44:29.0078 1296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/29 00:44:29.0171 1296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/29 00:44:29.0265 1296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/29 00:44:30.0046 1296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/29 00:44:30.0218 1296 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/29 00:44:30.0359 1296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/29 00:44:30.0453 1296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/29 00:44:30.0578 1296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/29 00:44:30.0781 1296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/29 00:44:30.0906 1296 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/29 00:44:31.0062 1296 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/29 00:44:31.0156 1296 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/29 00:44:31.0359 1296 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2011/05/29 00:44:31.0484 1296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/29 00:44:31.0593 1296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/29 00:44:31.0703 1296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/29 00:44:31.0812 1296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/29 00:44:31.0921 1296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/29 00:44:32.0031 1296 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2011/05/29 00:44:32.0109 1296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/29 00:44:32.0203 1296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/29 00:44:32.0312 1296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/29 00:44:32.0421 1296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/29 00:44:32.0578 1296 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/29 00:44:32.0843 1296 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2011/05/29 00:44:32.0984 1296 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2011/05/29 00:44:33.0156 1296 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2011/05/29 00:44:33.0281 1296 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/29 00:44:33.0609 1296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/29 00:44:33.0718 1296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/29 00:44:34.0062 1296 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/29 00:44:34.0156 1296 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/29 00:44:34.0265 1296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/29 00:44:34.0390 1296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/29 00:44:34.0484 1296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/29 00:44:34.0593 1296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/29 00:44:34.0703 1296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/29 00:44:34.0812 1296 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/29 00:44:34.0984 1296 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2011/05/29 00:44:35.0078 1296 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/29 00:44:35.0187 1296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/29 00:44:35.0281 1296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/29 00:44:35.0687 1296 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/29 00:44:35.0812 1296 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
2011/05/29 00:44:35.0921 1296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/29 00:44:36.0031 1296 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/29 00:44:36.0140 1296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/29 00:44:36.0250 1296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/29 00:44:36.0343 1296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/29 00:44:36.0515 1296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/29 00:44:36.0671 1296 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/29 00:44:36.0812 1296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/29 00:44:36.0953 1296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/29 00:44:37.0046 1296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/29 00:44:37.0156 1296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/29 00:44:37.0281 1296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/29 00:44:37.0406 1296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/29 00:44:37.0593 1296 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110528.003\naveng.sys
2011/05/29 00:44:37.0750 1296 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110528.003\navex15.sys
2011/05/29 00:44:37.0968 1296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/29 00:44:38.0046 1296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/29 00:44:38.0171 1296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/29 00:44:38.0265 1296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/29 00:44:38.0375 1296 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/29 00:44:38.0453 1296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/29 00:44:38.0562 1296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/29 00:44:38.0796 1296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/29 00:44:38.0937 1296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/29 00:44:39.0109 1296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/29 00:44:39.0218 1296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/29 00:44:39.0312 1296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/29 00:44:39.0468 1296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/29 00:44:39.0546 1296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/29 00:44:39.0640 1296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/29 00:44:39.0750 1296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/29 00:44:39.0953 1296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/29 00:44:40.0046 1296 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/29 00:44:40.0828 1296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/29 00:44:40.0921 1296 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/29 00:44:41.0046 1296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/29 00:44:41.0140 1296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/29 00:44:41.0656 1296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/29 00:44:41.0765 1296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/29 00:44:41.0890 1296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/29 00:44:41.0968 1296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/29 00:44:42.0078 1296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/29 00:44:42.0156 1296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/29 00:44:42.0343 1296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/29 00:44:42.0453 1296 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/29 00:44:42.0593 1296 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2011/05/29 00:44:42.0875 1296 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/05/29 00:44:42.0953 1296 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/05/29 00:44:43.0171 1296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/29 00:44:43.0312 1296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/29 00:44:43.0421 1296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/29 00:44:43.0609 1296 sf (e8cc4ba7b2e962bd932c7bf678e762e0) C:\WINDOWS\system32\drivers\sf.sys
2011/05/29 00:44:43.0703 1296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/29 00:44:44.0015 1296 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/29 00:44:44.0171 1296 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2011/05/29 00:44:44.0421 1296 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/29 00:44:44.0546 1296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/29 00:44:44.0687 1296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/29 00:44:44.0828 1296 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/29 00:44:45.0000 1296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/29 00:44:45.0093 1296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/29 00:44:45.0468 1296 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/29 00:44:45.0562 1296 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/29 00:44:45.0687 1296 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/29 00:44:45.0953 1296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/29 00:44:46.0125 1296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/29 00:44:46.0250 1296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/29 00:44:46.0343 1296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/29 00:44:46.0437 1296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/29 00:44:46.0593 1296 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2011/05/29 00:44:46.0875 1296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/29 00:44:47.0078 1296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/29 00:44:47.0250 1296 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/29 00:44:47.0328 1296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/29 00:44:47.0453 1296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/29 00:44:47.0531 1296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/29 00:44:47.0625 1296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/29 00:44:47.0750 1296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/29 00:44:47.0843 1296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/29 00:44:48.0015 1296 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2011/05/29 00:44:48.0125 1296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/29 00:44:48.0312 1296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/29 00:44:48.0500 1296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/29 00:44:48.0703 1296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/29 00:44:48.0875 1296 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2011/05/29 00:44:49.0265 1296 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/29 00:44:49.0406 1296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/29 00:44:49.0484 1296 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/29 00:44:49.0656 1296 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/05/29 00:44:49.0703 1296 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/29 00:44:49.0734 1296 ================================================================================
2011/05/29 00:44:49.0734 1296 Scan finished
2011/05/29 00:44:49.0734 1296 ================================================================================
2011/05/29 00:44:49.0796 1288 Detected object count: 1
2011/05/29 00:44:49.0796 1288 Actual detected object count: 1
2011/05/29 00:45:09.0921 1288 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/29 00:45:09.0921 1288 \Device\Harddisk0\DR0 - ok
2011/05/29 00:45:09.0921 1288 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/29 00:45:36.0265 1208 Deinitialize success


TDSSKiller.2.5.20.0_09.09.2011_14.13.29_log.txt


2011/09/09 14:13:29.0328 3316 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/09 14:13:29.0953 3316 ================================================================================
2011/09/09 14:13:29.0953 3316 SystemInfo:
2011/09/09 14:13:29.0953 3316
2011/09/09 14:13:29.0953 3316 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/09 14:13:29.0953 3316 Product type: Workstation
2011/09/09 14:13:29.0953 3316 ComputerName: FAMILYCOMPUTER
2011/09/09 14:13:30.0000 3316 UserName: Hugo
2011/09/09 14:13:30.0000 3316 Windows directory: C:\WINDOWS
2011/09/09 14:13:30.0015 3316 System windows directory: C:\WINDOWS
2011/09/09 14:13:30.0015 3316 Processor architecture: Intel x86
2011/09/09 14:13:30.0015 3316 Number of processors: 2
2011/09/09 14:13:30.0015 3316 Page size: 0x1000
2011/09/09 14:13:30.0015 3316 Boot type: Normal boot
2011/09/09 14:13:30.0015 3316 ================================================================================
2011/09/09 14:13:32.0578 3316 Initialize success
2011/09/09 14:13:40.0843 0164 ================================================================================
2011/09/09 14:13:40.0843 0164 Scan started
2011/09/09 14:13:40.0843 0164 Mode: Manual;
2011/09/09 14:13:40.0843 0164 ================================================================================
2011/09/09 14:13:43.0843 0164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/09 14:13:44.0468 0164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/09 14:13:45.0718 0164 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/09/09 14:13:46.0343 0164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/09 14:13:46.0562 0164 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/09 14:13:47.0640 0164 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/09 14:13:50.0625 0164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/09 14:13:51.0093 0164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/09 14:13:52.0218 0164 ati2mtag (5e3603e9fba29e01f5ffc108276b3005) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/09 14:13:52.0640 0164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/09 14:13:53.0125 0164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/09 14:13:53.0500 0164 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2011/09/09 14:13:54.0171 0164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/09 14:13:54.0843 0164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/09 14:13:55.0500 0164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/09 14:13:55.0984 0164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/09 14:13:56.0281 0164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/09 14:13:59.0968 0164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/09 14:14:00.0546 0164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/09 14:14:01.0296 0164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/09 14:14:01.0671 0164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/09 14:14:02.0171 0164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/09 14:14:03.0281 0164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/09 14:14:03.0671 0164 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/09 14:14:04.0250 0164 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/09/09 14:14:04.0562 0164 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/09/09 14:14:05.0234 0164 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2011/09/09 14:14:05.0671 0164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/09 14:14:06.0203 0164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/09 14:14:06.0593 0164 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/09 14:14:06.0890 0164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/09 14:14:07.0203 0164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/09 14:14:07.0890 0164 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2011/09/09 14:14:08.0359 0164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/09 14:14:08.0750 0164 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/09 14:14:09.0156 0164 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/09 14:14:09.0718 0164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/09 14:14:10.0578 0164 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/09 14:14:11.0234 0164 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2011/09/09 14:14:11.0515 0164 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2011/09/09 14:14:12.0062 0164 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2011/09/09 14:14:12.0468 0164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/09 14:14:13.0843 0164 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/09 14:14:14.0406 0164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/09 14:14:15.0703 0164 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/09 14:14:16.0187 0164 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/09 14:14:16.0968 0164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/09 14:14:17.0343 0164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/09 14:14:17.0812 0164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/09 14:14:18.0328 0164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/09 14:14:18.0843 0164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/09 14:14:19.0625 0164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/09 14:14:20.0484 0164 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2011/09/09 14:14:20.0890 0164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/09 14:14:21.0343 0164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/09 14:14:21.0640 0164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/09 14:14:22.0234 0164 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/09/09 14:14:24.0140 0164 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/09 14:14:24.0812 0164 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
2011/09/09 14:14:25.0531 0164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/09 14:14:26.0312 0164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/09 14:14:26.0531 0164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/09 14:14:26.0859 0164 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/09 14:14:27.0359 0164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/09 14:14:28.0000 0164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/09 14:14:28.0625 0164 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/09 14:14:29.0046 0164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/09 14:14:29.0406 0164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/09 14:14:30.0062 0164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/09 14:14:30.0421 0164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/09 14:14:30.0843 0164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/09 14:14:31.0062 0164 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/09 14:14:31.0468 0164 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110907.002\naveng.sys
2011/09/09 14:14:32.0078 0164 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110907.002\navex15.sys
2011/09/09 14:14:32.0703 0164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/09 14:14:33.0171 0164 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/09 14:14:33.0375 0164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/09 14:14:33.0859 0164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/09 14:14:34.0312 0164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/09 14:14:34.0546 0164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/09 14:14:34.0953 0164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/09 14:14:35.0703 0164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/09 14:14:36.0078 0164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/09 14:14:36.0875 0164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/09 14:14:37.0296 0164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/09 14:14:37.0593 0164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/09 14:14:38.0031 0164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/09 14:14:38.0234 0164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/09 14:14:38.0625 0164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/09 14:14:38.0875 0164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/09 14:14:39.0312 0164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/09 14:14:39.0546 0164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/09 14:14:42.0343 0164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/09 14:14:42.0859 0164 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/09 14:14:43.0109 0164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/09 14:14:43.0390 0164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/09 14:14:45.0406 0164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/09 14:14:45.0937 0164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/09 14:14:46.0515 0164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/09 14:14:46.0843 0164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/09 14:14:47.0375 0164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/09 14:14:47.0765 0164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/09 14:14:48.0625 0164 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/09 14:14:49.0265 0164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/09 14:14:50.0031 0164 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2011/09/09 14:14:51.0218 0164 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/09/09 14:14:51.0578 0164 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/09/09 14:14:52.0859 0164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/09 14:14:53.0281 0164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/09 14:14:53.0515 0164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/09 14:14:53.0828 0164 sf (e8cc4ba7b2e962bd932c7bf678e762e0) C:\WINDOWS\system32\drivers\sf.sys
2011/09/09 14:14:54.0187 0164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/09 14:14:55.0296 0164 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys
2011/09/09 14:14:56.0328 0164 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2011/09/09 14:14:57.0281 0164 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/09/09 14:14:57.0859 0164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/09 14:14:58.0375 0164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/09 14:14:59.0296 0164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/09 14:15:00.0812 0164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/09 14:15:01.0093 0164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/09 14:15:02.0265 0164 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
2011/09/09 14:15:02.0781 0164 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/09/09 14:15:03.0531 0164 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/09/09 14:15:04.0921 0164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/09 14:15:05.0531 0164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/09 14:15:05.0890 0164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/09 14:15:06.0703 0164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/09 14:15:07.0078 0164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/09 14:15:07.0671 0164 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2011/09/09 14:15:08.0781 0164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/09 14:15:09.0421 0164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/09 14:15:09.0859 0164 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/09 14:15:10.0171 0164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/09 14:15:10.0765 0164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/09 14:15:11.0328 0164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/09 14:15:11.0515 0164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/09 14:15:11.0734 0164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/09 14:15:11.0968 0164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/09 14:15:12.0640 0164 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2011/09/09 14:15:13.0093 0164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/09 14:15:13.0937 0164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/09 14:15:14.0718 0164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/09 14:15:15.0328 0164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/09 14:15:15.0734 0164 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2011/09/09 14:15:16.0921 0164 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/09 14:15:17.0671 0164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/09 14:15:18.0171 0164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/09 14:15:19.0125 0164 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/09/09 14:15:19.0218 0164 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/09 14:15:19.0531 0164 Boot (0x1200) (d96420e61875336ab08469a19b099dca) \Device\Harddisk0\DR0\Partition0
2011/09/09 14:15:19.0843 0164 Boot (0x1200) (3d697f55ff66999ad6120c7103dc2a09) \Device\Harddisk0\DR0\Partition1
2011/09/09 14:15:19.0906 0164 ================================================================================
2011/09/09 14:15:19.0906 0164 Scan finished
2011/09/09 14:15:19.0906 0164 ================================================================================
2011/09/09 14:15:20.0593 0232 Detected object count: 1
2011/09/09 14:15:20.0593 0232 Actual detected object count: 1
2011/09/09 14:15:59.0718 0232 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/09 14:15:59.0718 0232 \Device\Harddisk0\DR0 - ok
2011/09/09 14:15:59.0718 0232 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/09 14:16:11.0421 1284 Deinitialize success



ComboFix Log:

ComboFix 11-09-08.03 - Hugo 09/09/2011 14:34:20.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.511.150 [GMT -4:00]
Running from: c:\documents and settings\Hugo\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\SYMANT~1\VPTray.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
c:\program files\QuickTime\QTTask .exe
c:\windows\Fonts\On6WEm.com
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 18:55 . 2011-09-09 18:55 -------- d-----w- C:\found.002
2011-09-08 03:22 . 2011-09-07 22:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-07 22:48 . 2011-09-07 22:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-07 22:45 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\program files\Lavasoft
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-05 17:46 . 2011-09-05 17:46 -------- d-----w- C:\found.001
2011-09-04 05:37 . 2011-09-07 20:47 0 ----a-w- c:\windows\Qbukadu.bin
2011-09-04 05:37 . 2011-09-04 05:37 -------- d-----w- c:\documents and settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
2011-09-01 23:53 . 2011-09-01 23:53 -------- d-----w- C:\found.000
2011-08-26 22:36 . 2011-08-26 22:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-28 00:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-28 01:56 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-08_22.57.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-09 18:57 . 2011-09-09 18:57 40960 c:\windows\temp\rtdrvmon.exe
+ 2011-09-09 18:57 . 2011-09-09 18:57 16384 c:\windows\temp\Perflib_Perfdata_3c0.dat
+ 2009-05-14 18:28 . 2011-09-09 17:43 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-05-14 18:28 . 2011-09-08 20:43 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [N/A]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [N/A]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/09/2011 6:45 PM 64512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 3:25 PM 2151640]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 9:33 PM 116464]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrv11113
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 22:48]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-09 14:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2408)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-09-09 15:10:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 19:10
ComboFix2.txt 2011-09-08 23:04
.
Pre-Run: 7,131,688,960 bytes free
Post-Run: 7,145,857,024 bytes free
.
- - End Of File - - 78CCB4A26A64E3AA80830E8D283EC20E


Thanks Again!

#10 CeciliaB (Volunteer, Moderator, 5383 posts)

Posted 10 September 2011 - 12:21 AM

Copy all lines in the box:
Killall::
remV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\iTunes\iTunesHelper .exe
c:\windows\ime\IMJP8_1\IMJPMIG .exe
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.

Restart the computer, run OTL and post that log, too.
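As an added example (not part of the thread, and not ComboFix's or the moderator's own tooling), here is a small Python audit that reads the Reg Loading Points section of a ComboFix log and flags Run entries whose executable name carries a space before its extension (the ` .exe` pattern the CFScript above targets) or whose status is not a date and size. Treating statuses such as [N/A] and [X] as "file not verified" is an assumption drawn only from the log lines in this thread, and the sample log is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the style of the "Reg Loading Points" section of a
# ComboFix log (shape copied from the log in this thread, trimmed to a few entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"""

# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]*)\]$')
# Value line: "Name"="command line" [status]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<status>[^\]]*)\]$')
# Status ComboFix prints for a file it could examine: "YYYY-MM-DD size" (assumption
# based on the log lines in this thread; anything else is treated as unverified).
VERIFIED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
# Everything up to the first program-file extension is the executable path;
# the rest of the value is command-line arguments.
PATH_RE = re.compile(r'^(?P<path>.*?\.(?:exe|com|scr|dll|bat|cmd))(?=\s|$)', re.I)
# Whitespace immediately before the extension, as in "QTTask .exe".
SPACED_EXT_RE = re.compile(r'\s\.[a-z]{2,4}$', re.I)


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def executable_path(value: str) -> Optional[str]:
    """Return the executable part of a Run value, or None if no extension is found."""
    m = PATH_RE.match(value.strip())
    return m.group("path") if m else None


def has_space_before_extension(path: str) -> bool:
    """True for names like 'iTunesHelper .exe' that shadow a legitimate 'iTunesHelper.exe'."""
    return SPACED_EXT_RE.search(path) is not None


def audit_run_entries(log_text: str) -> List[Finding]:
    """Walk the Reg Loading Points section and collect entries worth a closer look."""
    findings: List[Finding] = []
    hive = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            hive = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue  # "." separators, blank lines, non-Run content
        value, status = vm.group("value"), vm.group("status")
        path = executable_path(value) or value
        reasons = []
        if has_space_before_extension(path):
            reasons.append("space before extension")
        if not VERIFIED_RE.match(status):
            reasons.append(f"unverified status [{status}]")
        if reasons:
            findings.append(Finding(hive, vm.group("name"), path, reasons))
    return findings


def suspicious_paths(log_text: str) -> List[str]:
    """Paths with a space before the extension, deduplicated in log order."""
    seen: List[str] = []
    for f in audit_run_entries(log_text):
        if "space before extension" in f.reasons and f.path not in seen:
            seen.append(f.path)
    return seen


if __name__ == "__main__":
    for f in audit_run_entries(SAMPLE_LOG):
        print(f"{f.hive}\n  {f.name} -> {f.path}\n  {'; '.join(f.reasons)}")
```

Entries flagged only for an unverified status may simply be uninstalled software; the space-before-extension hits are the ones to compare against the Other Deletions list and the CFScript.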

#11 blizzard500 (Advanced Member, 41 posts)

Posted 10 September 2011 - 01:31 AM

Here are the new logs as requested:

ComboFix:

ComboFix 11-09-08.03 - Hugo 09/09/2011 19:57:06.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.511.183 [GMT -4:00]
Running from: c:\documents and settings\Hugo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hugo\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-09 18:55 . 2011-09-09 18:55 -------- d-----w- C:\found.002
2011-09-08 03:22 . 2011-09-07 22:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-07 22:48 . 2011-09-07 22:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-07 22:45 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\program files\Lavasoft
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-05 17:46 . 2011-09-05 17:46 -------- d-----w- C:\found.001
2011-09-04 05:37 . 2011-09-07 20:47 0 ----a-w- c:\windows\Qbukadu.bin
2011-09-04 05:37 . 2011-09-04 05:37 -------- d-----w- c:\documents and settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
2011-09-01 23:53 . 2011-09-01 23:53 -------- d-----w- C:\found.000
2011-08-26 22:36 . 2011-08-26 22:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-28 00:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-28 01:56 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\windows\ime\IMJP8_1\IMJPMIG .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [N/A]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [N/A]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/09/2011 6:45 PM 64512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 3:25 PM 2151640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/09/2011 3:31 PM 105592]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 9:33 PM 116464]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 22:48]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-09 20:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ScsiAccess.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-09-09 20:20:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 00:20
ComboFix2.txt 2011-09-09 19:10
ComboFix3.txt 2011-09-08 23:04
.
Pre-Run: 6,852,517,888 bytes free
Post-Run: 7,111,151,616 bytes free
.
- - End Of File - - 7D28CC732224417F8BF71C668E05CB5C

OTL:

OTL logfile created on: 09/09/2011 8:21:59 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Hugo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

510.73 Mb Total Physical Memory | 237.64 Mb Available Physical Memory | 46.53% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.89% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.65 Gb Free Space | 22.16% Space Free | Partition Type: NTFS
Drive F: | 119.05 Gb Total Space | 9.29 Gb Free Space | 7.80% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: Hugo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Documents and Settings\Hugo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Lexmark X1100 Series\ConvDIB.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL ()
MOD - C:\WINDOWS\system32\ScsiAccess.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (WmdmPmSN) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ScsiAccess) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110907.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110907.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/28 13:45:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}: C:\Documents and Settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F} [2011/09/04 01:37:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/09/09 20:07:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [ATIPTA] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [Lexmark X1100 Series] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [SoundMAXPnP] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1219891777750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD0AF950-21CB-4DC0-9EB3-50820CD8D860}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hugo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hugo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/27 20:28:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 20:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/09 19:55:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/09 15:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hugo\Desktop\SAV10
[2011/09/09 14:55:38 | 000,000,000 | ---D | C] -- C:\found.002
[2011/09/08 18:35:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/08 18:35:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/08 18:35:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/08 18:35:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/08 18:28:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/08 18:23:34 | 004,200,409 | R--- | C] (Swearware) -- C:\Documents and Settings\Hugo\Desktop\ComboFix.exe
[2011/09/07 18:48:48 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/07 18:45:01 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/09/07 18:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/07 18:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/09/07 18:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/07 16:45:54 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hugo\Desktop\TDSSKiller.exe
[2011/09/05 13:46:44 | 000,000,000 | ---D | C] -- C:\found.001
[2011/09/04 22:14:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hugo\Desktop\OTL.exe
[2011/09/04 01:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
[2011/09/01 19:53:51 | 000,000,000 | ---D | C] -- C:\found.000
[2011/08/26 18:36:56 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2004/06/11 01:27:12 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/09 20:08:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/09 20:07:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/09 20:07:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/09 14:19:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 14:11:45 | 001,386,304 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\tdsskiller.zip
[2011/09/09 13:57:41 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7JN6Jyf3W.dat
[2011/09/09 13:56:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:17:31 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/08 18:18:28 | 004,200,409 | R--- | M] (Swearware) -- C:\Documents and Settings\Hugo\Desktop\ComboFix.exe
[2011/09/07 18:48:47 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/07 18:48:46 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/07 18:45:07 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/07 16:47:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qbukadu.bin
[2011/09/07 16:47:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xtulocozi.dat
[2011/09/07 16:45:54 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hugo\Desktop\TDSSKiller.exe
[2011/09/04 22:14:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugo\Desktop\OTL.exe
[2011/09/03 06:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/30 23:40:25 | 000,000,940 | -HS- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 21:24:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/28 13:58:16 | 007,405,184 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Eminem & Royce Da 5'9 (Bad Meets Evil) (ft. Bruno Mars) - Lighters.mp3
[2011/08/27 17:27:08 | 004,670,935 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Pink Martini - Lilly.flv
[2011/08/26 18:36:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/25 20:40:06 | 009,759,144 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Enrique Iglesias feat Usher, Lil Wayne & Nayer - Dirty Dancer BMF.mp3
[2011/08/25 14:33:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/24 15:31:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/22 19:54:41 | 000,565,215 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Cruise Bus.jpg
[2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/13 16:09:56 | 000,013,442 | ---- | M] () -- C:\WINDOWS\CDPLAYER.INI
[2011/08/10 21:11:54 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 21:11:54 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/09 14:11:39 | 001,386,304 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\tdsskiller.zip
[2011/09/09 13:56:45 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7JN6Jyf3W.dat
[2011/09/08 18:35:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/08 18:35:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/08 18:35:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/08 18:35:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/08 18:35:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/07 23:22:54 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/07 18:45:19 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/07 18:45:07 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/04 01:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qbukadu.bin
[2011/09/04 01:37:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xtulocozi.dat
[2011/09/01 20:08:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/28 13:58:03 | 007,405,184 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Eminem & Royce Da 5'9 (Bad Meets Evil) (ft. Bruno Mars) - Lighters.mp3
[2011/08/27 17:25:04 | 004,670,935 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Pink Martini - Lilly.flv
[2011/08/25 14:40:01 | 009,759,144 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Enrique Iglesias feat Usher, Lil Wayne & Nayer - Dirty Dancer BMF.mp3
[2011/08/22 19:54:41 | 000,565,215 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Cruise Bus.jpg
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\31e5ei4kp02673
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\31e5ei4kp02673
[2011/05/28 23:31:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348r
[2011/05/28 23:31:13 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348
[2011/05/28 23:30:07 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18669348
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bvc487bk682w74h1c31i8a
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bvc487bk682w74h1c31i8a
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\w70st7567b4372d
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2010/09/02 20:06:19 | 000,062,904 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/27 17:03:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hugo\Application Data\winscp.rnd
[2009/01/26 22:39:11 | 000,001,640 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/08/27 23:57:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/27 22:22:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/27 22:14:16 | 000,154,112 | ---- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/27 22:06:41 | 000,013,442 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2008/08/27 21:07:53 | 000,000,230 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/08/27 21:07:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/08/27 21:07:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/08/27 21:07:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2008/08/27 21:07:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2008/08/27 21:07:23 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/08/27 21:03:24 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/08/27 20:30:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/27 20:26:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/27 16:18:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/27 16:17:44 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/10 22:44:56 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2003/02/03 06:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\elxsinh.dll
[2002/08/29 08:00:00 | 000,007,014 | ---- | C] () -- C:\WINDOWS\System32\wkrnte.dll
[2002/08/29 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2011/03/08 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2008/08/27 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/09 18:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/03/08 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/05/21 22:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/18 14:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/03 02:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/08 21:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Bell
[2009/10/17 19:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\ImTOO Software Studio
[2011/08/05 23:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Mael
[2009/06/09 18:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\PACE Anti-Piracy
[2009/01/01 03:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Red Kawa
[2010/05/14 03:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\runic games
[2009/10/17 19:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Xilisoft Corporation
[2011/09/09 20:08:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1230 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DS2NzVZqpNPAHxd68DRVDM6DoA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1080 bytes -> C:\Documents and Settings\Hugo\Cookies:XxeH6lcXPDqmavuoIkPqR
@Alternate Data Stream - 1076 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dEltvfysc8HrlHB9aJ2WUVev

< End of report >

Thanks

#12 CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 10 September 2011 - 11:55 AM

Sorry, I misspelled a command.

Copy all lines in the box:
Killall::
RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\iTunes\iTunesHelper .exe
c:\windows\ime\IMJP8_1\IMJPMIG .exe
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.

#13 blizzard500

    Advanced Member

  • Members
  • 41 posts

Posted 10 September 2011 - 07:03 PM

Thanks CeciliaB,

Here is the latest ComboFix Log:

ComboFix 11-09-08.03 - Hugo 10/09/2011 13:42:14.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.511.259 [GMT -4:00]
Running from: c:\documents and settings\Hugo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hugo\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ednb.exe
c:\documents and settings\All Users\Application Data\nrba.exe
c:\documents and settings\All Users\Application Data\qrna.exe
c:\documents and settings\All Users\Application Data\rxdh.exe
c:\documents and settings\Hugo\Local Settings\Application Data\cvvi.exe
c:\documents and settings\Hugo\Local Settings\Application Data\nmrt.exe
c:\documents and settings\Hugo\Local Settings\Application Data\tplj.exe
c:\documents and settings\Hugo\Local Settings\Application Data\wdm.exe
c:\documents and settings\Hugo\Local Settings\Application Data\wlrv.exe
c:\documents and settings\Hugo\Templates\gacc.exe
c:\documents and settings\Hugo\Templates\pdsq.exe
c:\documents and settings\Hugo\Templates\pjxa.exe
c:\documents and settings\Hugo\Templates\pman.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-09 18:55 . 2011-09-09 18:55 -------- d-----w- C:\found.002
2011-09-08 03:22 . 2011-09-07 22:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-07 22:48 . 2011-09-07 22:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-07 22:45 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\program files\Lavasoft
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-05 17:46 . 2011-09-05 17:46 -------- d-----w- C:\found.001
2011-09-04 05:37 . 2011-09-07 20:47 0 ----a-w- c:\windows\Qbukadu.bin
2011-09-04 05:37 . 2011-09-04 05:37 -------- d-----w- c:\documents and settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
2011-09-01 23:53 . 2011-09-01 23:53 -------- d-----w- C:\found.000
2011-08-26 22:36 . 2011-08-26 22:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-28 00:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-28 01:56 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
<pre>
c:\program files\Common Files\Symantec Shared\ccApp .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [N/A]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-28 185896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/09/2011 6:45 PM 64512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 3:25 PM 2151640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/09/2011 3:31 PM 105592]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18/08/2011 3:25 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 9:33 PM 116464]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 22:48]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-10 13:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2396)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ScsiAccess.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-09-10 14:03:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 18:03
ComboFix2.txt 2011-09-10 00:20
ComboFix3.txt 2011-09-09 19:10
ComboFix4.txt 2011-09-08 23:04
.
Pre-Run: 7,031,324,672 bytes free
Post-Run: 7,129,145,344 bytes free
.
- - End Of File - - 726C3F2578E98123837C17207C8B5625


Thanks!

#14 CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 11 September 2011 - 12:04 AM

Good!

1.
Copy all lines in the box:
Killall::
File::
c:\windows\Qbukadu.bin
C:\WINDOWS\Xtulocozi.dat
RenV::
c:\program files\Common Files\Symantec Shared\ccApp .exe
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.

2.
Do a scan in Ad-Aware and post the log if any bad files are found. If the program only finds cookies, you can skip posting the log.

3.
Run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time, disable your antivirus program while scanning.

Un-check "Remove found threats"
Check "Scan Archives"

Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan completes, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.

#15 blizzard500

    Advanced Member

  • Members
  • 41 posts

Posted 11 September 2011 - 03:18 AM

Thanks for the prompt reply. Here are the items you requested:

1. ComboFix Log:

ComboFix 11-09-08.03 - Hugo 10/09/2011 19:42:15.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.511.222 [GMT -4:00]
Running from: c:\documents and settings\Hugo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hugo\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\windows\Qbukadu.bin"
"c:\windows\Xtulocozi.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Qbukadu.bin
c:\windows\Xtulocozi.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-09 18:55 . 2011-09-09 18:55 -------- d-----w- C:\found.002
2011-09-08 03:22 . 2011-09-07 22:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-07 22:48 . 2011-09-07 22:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-07 22:45 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\program files\Lavasoft
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-05 17:46 . 2011-09-05 17:46 -------- d-----w- C:\found.001
2011-09-04 05:37 . 2011-09-04 05:37 -------- d-----w- c:\documents and settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
2011-09-01 23:53 . 2011-09-01 23:53 -------- d-----w- C:\found.000
2011-08-26 22:36 . 2011-08-26 22:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-28 00:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-28 01:56 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
<pre>
c:\program files\Common Files\Symantec Shared\ccApp .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [N/A]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-28 185896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/09/2011 6:45 PM 64512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 3:25 PM 2151640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/09/2011 3:31 PM 105592]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18/08/2011 3:25 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 9:33 PM 116464]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 22:48]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-10 19:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2236)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ScsiAccess.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-09-10 20:03:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-11 00:03
ComboFix2.txt 2011-09-10 18:03
ComboFix3.txt 2011-09-10 00:20
ComboFix4.txt 2011-09-09 19:10
ComboFix5.txt 2011-09-10 23:40
.
Pre-Run: 7,067,574,272 bytes free
Post-Run: 7,100,489,728 bytes free
.
- - End Of File - - 30B1F7EDE45C444F60E9B432ED055D6F


2. Ad-Aware smart scan option only found 16 cookies, so the log will not be posted as per your command.

3. Eset Scan Log:

C:\Program Files\QuickTime\QTTask.exe a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Java\Java Update\jusched.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccApp.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\Lexmark X1100 Series\lxbkbmgr.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\PROGRA~1\SYMANT~1\VPTray.exe.vir a variant of Win32/Injector.JCF trojan
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\On6WEm.com.vir a variant of Win32/Injector.JCF trojan
C:\WINDOWS\ime\IMJP8_1\imjpmig.exe.tmp a variant of Win32/Injector.JCF trojan

Thanks!

#16 CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 11 September 2011 - 10:12 AM

You are welcome :)
Good!

1.
Copy all lines in the box:
Killall::
File::
C:\WINDOWS\ime\IMJP8_1\imjpmig.exe.tmp
C:\Program Files\QuickTime\QTTask.exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.

2.
Restart the computer, run OTL and paste its log, too.

#17 blizzard500

    Advanced Member

  • Members
  • 41 posts

Posted 11 September 2011 - 07:43 PM

1. Here is the new ComboFix Log:

ComboFix 11-09-08.03 - Hugo 11/09/2011 13:57:15.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.511.132 [GMT -4:00]
Running from: c:\documents and settings\Hugo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hugo\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\program files\Common Files\Symantec Shared\ccApp .exe"
"c:\program files\QuickTime\QTTask.exe"
"c:\windows\ime\IMJP8_1\imjpmig.exe.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\QuickTime\QTTask.exe
c:\windows\ime\IMJP8_1\imjpmig.exe.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-08-11 to 2011-09-11 )))))))))))))))))))))))))))))))
.
.
2011-09-09 18:55 . 2011-09-09 18:55 -------- d-----w- C:\found.002
2011-09-08 03:22 . 2011-09-07 22:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-07 22:48 . 2011-09-07 22:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-07 22:45 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\program files\Lavasoft
2011-09-07 22:44 . 2011-09-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-05 17:46 . 2011-09-05 17:46 -------- d-----w- C:\found.001
2011-09-04 05:37 . 2011-09-04 05:37 -------- d-----w- c:\documents and settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
2011-09-01 23:53 . 2011-09-01 23:53 -------- d-----w- C:\found.000
2011-08-26 22:36 . 2011-08-26 22:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-08-28 00:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-28 01:56 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-28 185896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/09/2011 6:45 PM 64512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 3:25 PM 2151640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/09/2011 3:31 PM 105592]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18/08/2011 3:25 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 9:33 PM 116464]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 22:48]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-11 14:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2752)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ScsiAccess.EXE
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-09-11 14:21:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-11 18:21
ComboFix2.txt 2011-09-11 00:04
ComboFix3.txt 2011-09-10 18:03
ComboFix4.txt 2011-09-10 00:20
ComboFix5.txt 2011-09-11 17:54
.
Pre-Run: 7,084,609,536 bytes free
Post-Run: 7,091,679,232 bytes free
.
- - End Of File - - 7576F692E16CB277D5EB27FA2861D940


2. Here is the new OTL Log:


OTL logfile created on: 11/09/2011 2:32:29 PM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Hugo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

510.73 Mb Total Physical Memory | 106.46 Mb Available Physical Memory | 20.84% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.33% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.63 Gb Free Space | 22.10% Space Free | Partition Type: NTFS
Drive F: | 119.05 Gb Total Space | 12.00 Gb Free Space | 10.08% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: Hugo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Documents and Settings\Hugo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DoScan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Lexmark X1100 Series\ConvDIB.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL ()
MOD - C:\WINDOWS\system32\ScsiAccess.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (WmdmPmSN) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ScsiAccess) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110907.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110907.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/28 13:45:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}: C:\Documents and Settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F} [2011/09/04 01:37:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/09/11 14:07:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1219891777750 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD0AF950-21CB-4DC0-9EB3-50820CD8D860}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hugo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hugo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/27 20:28:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 14:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/11 13:52:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/09 15:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hugo\Desktop\SAV10
[2011/09/09 14:55:38 | 000,000,000 | ---D | C] -- C:\found.002
[2011/09/08 18:35:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/08 18:35:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/08 18:35:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/08 18:35:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/08 18:28:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/08 18:23:34 | 004,200,409 | R--- | C] (Swearware) -- C:\Documents and Settings\Hugo\Desktop\ComboFix.exe
[2011/09/07 18:48:48 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/07 18:45:01 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/09/07 18:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/07 18:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/09/07 18:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/07 16:45:54 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hugo\Desktop\TDSSKiller.exe
[2011/09/05 13:46:44 | 000,000,000 | ---D | C] -- C:\found.001
[2011/09/04 22:14:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hugo\Desktop\OTL.exe
[2011/09/04 01:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hugo\Local Settings\Application Data\{9426BDAC-7E78-410A-9AD2-20B8087EA45F}
[2011/09/01 19:53:51 | 000,000,000 | ---D | C] -- C:\found.000
[2011/08/26 18:36:56 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2004/06/11 01:27:12 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 14:31:30 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/11 14:31:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 14:07:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/10 18:50:08 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/10 18:50:08 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/09 23:41:24 | 000,001,064 | -HS- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6m7o1f8nxd0
[2011/09/09 23:41:24 | 000,001,064 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6m7o1f8nxd0
[2011/09/09 14:19:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 14:11:45 | 001,386,304 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\tdsskiller.zip
[2011/09/09 13:57:41 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7JN6Jyf3W.dat
[2011/09/09 13:56:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:17:31 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/08 18:18:28 | 004,200,409 | R--- | M] (Swearware) -- C:\Documents and Settings\Hugo\Desktop\ComboFix.exe
[2011/09/07 18:48:47 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/07 18:48:46 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/07 18:45:07 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/07 16:45:54 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hugo\Desktop\TDSSKiller.exe
[2011/09/04 22:14:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugo\Desktop\OTL.exe
[2011/09/03 06:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/30 23:40:25 | 000,000,940 | -HS- | M] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 21:24:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/28 13:58:16 | 007,405,184 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Eminem & Royce Da 5'9 (Bad Meets Evil) (ft. Bruno Mars) - Lighters.mp3
[2011/08/27 17:27:08 | 004,670,935 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Pink Martini - Lilly.flv
[2011/08/26 18:36:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/25 20:40:06 | 009,759,144 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Enrique Iglesias feat Usher, Lil Wayne & Nayer - Dirty Dancer BMF.mp3
[2011/08/25 14:33:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/24 15:31:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/22 19:54:41 | 000,565,215 | ---- | M] () -- C:\Documents and Settings\Hugo\Desktop\Cruise Bus.jpg
[2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/13 16:09:56 | 000,013,442 | ---- | M] () -- C:\WINDOWS\CDPLAYER.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/10 18:50:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/10 18:50:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/09 23:41:24 | 000,001,064 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6m7o1f8nxd0
[2011/09/09 23:41:24 | 000,001,064 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6m7o1f8nxd0
[2011/09/09 14:11:39 | 001,386,304 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\tdsskiller.zip
[2011/09/09 13:56:45 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7JN6Jyf3W.dat
[2011/09/08 18:35:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/08 18:35:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/08 18:35:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/08 18:35:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/08 18:35:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/07 23:22:54 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/07 18:45:19 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/07 18:45:07 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/01 20:08:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/28 13:58:03 | 007,405,184 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Eminem & Royce Da 5'9 (Bad Meets Evil) (ft. Bruno Mars) - Lighters.mp3
[2011/08/27 17:25:04 | 004,670,935 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Pink Martini - Lilly.flv
[2011/08/25 14:40:01 | 009,759,144 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Enrique Iglesias feat Usher, Lil Wayne & Nayer - Dirty Dancer BMF.mp3
[2011/08/22 19:54:41 | 000,565,215 | ---- | C] () -- C:\Documents and Settings\Hugo\Desktop\Cruise Bus.jpg
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\31e5ei4kp02673
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\31e5ei4kp02673
[2011/05/28 23:31:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348r
[2011/05/28 23:31:13 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348
[2011/05/28 23:30:07 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18669348
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bvc487bk682w74h1c31i8a
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bvc487bk682w74h1c31i8a
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\w70st7567b4372d
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2010/09/02 20:06:19 | 000,062,904 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/27 17:03:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hugo\Application Data\winscp.rnd
[2009/01/26 22:39:11 | 000,001,640 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/08/27 23:57:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/27 22:22:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/27 22:14:16 | 000,154,112 | ---- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/27 22:06:41 | 000,013,442 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2008/08/27 21:07:53 | 000,000,230 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/08/27 21:07:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/08/27 21:07:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/08/27 21:07:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2008/08/27 21:07:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2008/08/27 21:07:23 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/08/27 21:03:24 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/08/27 20:30:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/27 20:26:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/27 16:18:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/27 16:17:44 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/10 22:44:56 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2003/02/03 06:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\elxsinh.dll
[2002/08/29 08:00:00 | 000,007,014 | ---- | C] () -- C:\WINDOWS\System32\wkrnte.dll
[2002/08/29 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2011/03/08 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2008/08/27 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/09 18:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/03/08 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/05/21 22:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/18 14:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/03 02:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/08 21:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Bell
[2009/10/17 19:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\ImTOO Software Studio
[2011/08/05 23:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Mael
[2009/06/09 18:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\PACE Anti-Piracy
[2009/01/01 03:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Red Kawa
[2010/05/14 03:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\runic games
[2009/10/17 19:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugo\Application Data\Xilisoft Corporation
[2011/09/11 14:31:30 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1230 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DS2NzVZqpNPAHxd68DRVDM6DoA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1080 bytes -> C:\Documents and Settings\Hugo\Cookies:XxeH6lcXPDqmavuoIkPqR
@Alternate Data Stream - 1076 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dEltvfysc8HrlHB9aJ2WUVev

< End of report >

Thanks again

#18 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 13 September 2011 - 01:06 PM

You're welcome :)

Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingc...opic114351.html

Start the program OTL.
Copy all the lines in the box:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - File not found
[2011/09/09 23:41:24 | 000,001,064 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6m7o1f8nxd0
[2011/09/09 23:41:24 | 000,001,064 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6m7o1f8nxd0
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/08/30 23:40:25 | 000,000,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bg1w2ydj4mt17xmb51t2f0y4
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\31e5ei4kp02673
[2011/06/21 13:44:37 | 000,016,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\31e5ei4kp02673
[2011/05/28 23:31:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348r
[2011/05/28 23:31:13 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18669348
[2011/05/28 23:30:07 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18669348
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 01:51:51 | 000,017,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bvc487bk682w74h1c31i8a
[2011/05/26 00:06:34 | 000,017,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bvc487bk682w74h1c31i8a
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 22:30:02 | 000,017,898 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\w70st7567b4372d
[2011/05/21 21:59:31 | 000,018,020 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 22:23:34 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
[2011/05/07 21:42:11 | 000,014,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67
@Alternate Data Stream - 1230 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DS2NzVZqpNPAHxd68DRVDM6DoA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1080 bytes -> C:\Documents and Settings\Hugo\Cookies:XxeH6lcXPDqmavuoIkPqR
@Alternate Data Stream - 1076 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dEltvfysc8HrlHB9aJ2WUVev
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.
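A small triage script, added here and not part of the thread or of OTL itself, that parses lines in the OTL log format shown above and flags the same pattern the helper picked out by hand: hidden+system files with random names under Application Data, the same name planted in both the user profile and All Users, and alternate data streams. The sample lines are taken from the log above; the heuristics are my own assumptions, not OTL's rules.

```python
import re
from collections import defaultdict

# OTL "Files Created/Modified" entry: [date time | size | attrs | C] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL alternate data stream entry: @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# Heuristic (assumption): a long lower-case letter/digit jumble with no extension.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{10,}$")

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2011/09/09 23:41:24 | 000,001,064 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\6m7o1f8nxd0
[2011/09/09 23:41:24 | 000,001,064 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6m7o1f8nxd0
[2011/09/07 23:22:54 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/08/27 20:30:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/15 22:57:34 | 000,014,960 | -HS- | C] () -- C:\Documents and Settings\Hugo\Local Settings\Application Data\bg1w2ydj4mt17xmb51t2f0y4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
""".strip().splitlines()


def parse_entry(line):
    """Return a dict for an OTL file entry, or None if the line is not one."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["name"] = entry["path"].rsplit("\\", 1)[-1]
    return entry


def is_suspicious_file(entry):
    """Hidden + system, no company name, random name, living under Application Data."""
    attrs = entry["attrs"]
    hidden_system = "H" in attrs and "S" in attrs
    in_appdata = "\\application data\\" in entry["path"].lower()
    return (hidden_system and in_appdata and not entry["company"]
            and bool(RANDOM_NAME_RE.match(entry["name"])))


def triage(lines):
    """Walk an OTL log and collect the indicators a helper would review."""
    hidden_files, ads, locations = [], [], defaultdict(set)
    for line in lines:
        entry = parse_entry(line.strip())
        if entry:
            if is_suspicious_file(entry):
                hidden_files.append(entry["path"])
                where = "all_users" if "\\all users\\" in entry["path"].lower() else "user"
                locations[entry["name"]].add(where)
            continue
        m = ADS_RE.match(line.strip())
        if m:
            ads.append(m.group("path"))
    # Same random name dropped in both the user profile and All Users: strong signal.
    paired = sorted(n for n, w in locations.items() if w == {"user", "all_users"})
    return {"hidden_files": hidden_files, "paired_names": paired, "ads": ads}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```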

#19 blizzard500

blizzard500

    Advanced Member

  • Members
  • PipPipPip
  • 41 posts

Posted 13 September 2011 - 11:14 PM

When I reboot my computer I get a message: "Virus Definition Daemon has encountered a problem and needs to close. We are sorry for the inconvenience." I have an option to send or not send the error report.

Here is the OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-qt2009\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03947252-2355-4e9b-B446-8CCC75C43370}\ deleted successfully.
File {03947252-2355-4e9b-B446-8CCC75C43370} - File not found not found.
C:\Documents and Settings\Hugo\Local Settings\Application Data\6m7o1f8nxd0 moved successfully.
C:\Documents and Settings\All Users\Application Data\6m7o1f8nxd0 moved successfully.
File C:\Documents and Settings\Hugo\Local Settings\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66 not found.
File C:\Documents and Settings\All Users\Application Data6k16571agil24qn0o3ht88226g10mhv0aarrk7wyp66 not found.
C:\Documents and Settings\Hugo\Local Settings\Application Data\bg1w2ydj4mt17xmb51t2f0y4 moved successfully.
C:\Documents and Settings\All Users\Application Data\bg1w2ydj4mt17xmb51t2f0y4 moved successfully.
C:\Documents and Settings\Hugo\Local Settings\Application Data\31e5ei4kp02673 moved successfully.
C:\Documents and Settings\All Users\Application Data\31e5ei4kp02673 moved successfully.
C:\Documents and Settings\All Users\Application Data\~18669348r moved successfully.
C:\Documents and Settings\All Users\Application Data\~18669348 moved successfully.
C:\Documents and Settings\All Users\Application Data\18669348 moved successfully.
C:\Documents and Settings\Hugo\Local Settings\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321 moved successfully.
C:\Documents and Settings\All Users\Application Data\6u3g552vn161808r6ha075onrwq0lu403514j2w321 moved successfully.
C:\Documents and Settings\Hugo\Local Settings\Application Data\bvc487bk682w74h1c31i8a moved successfully.
C:\Documents and Settings\All Users\Application Data\bvc487bk682w74h1c31i8a moved successfully.
C:\Documents and Settings\Hugo\Local Settings\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi moved successfully.
C:\Documents and Settings\All Users\Application Data\u2pdfeer6jt15c8bh1yi08t2u4r8yots4kqgaybf880hi moved successfully.
C:\Documents and Settings\Hugo\Local Settings\Application Data\w70st7567b4372d moved successfully.
C:\Documents and Settings\All Users\Application Data\w70st7567b4372d moved successfully.
C:\Documents and Settings\Hugo\Local Settings\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7 moved successfully.
C:\Documents and Settings\All Users\Application Data\124m11kv487y04u456u06gavfn5303746288g8m2f7 moved successfully.
C:\Documents and Settings\Hugo\Local Settings\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67 moved successfully.
C:\Documents and Settings\All Users\Application Data\uffu4xy1ih56tow41713764m0032po4b717f67 moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:DS2NzVZqpNPAHxd68DRVDM6DoA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\Hugo\Cookies:XxeH6lcXPDqmavuoIkPqR deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:dEltvfysc8HrlHB9aJ2WUVev deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Hugo
->Temp folder emptied: 456263 bytes
->Temporary Internet Files folder emptied: 225141167 bytes
->Java cache emptied: 5453 bytes
->Flash cache emptied: 487 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 14642 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40960 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 216.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09132011_174431

Files\Folders moved on Reboot...
C:\Documents and Settings\Hugo\Local Settings\Temporary Internet Files\Content.IE5\EX8C4WFD\iframe[2].htm moved successfully.
C:\Documents and Settings\Hugo\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Thanks!

#20 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5383 posts

Posted 14 September 2011 - 12:11 AM

Sorry, the error message from the Symantec antivirus program is probably due to a file it needs having been moved by OTL. Since you should either upgrade the Symantec antivirus program to the latest version or switch to another antivirus program to improve security, it is easier if you could do that instead of us trying to find out which file should be moved back.

Does the computer behave as it should now, except for the error message, or is it still laggy and with redirects?

Please, post a new OTL log for a last check.
