-
Click.GiftLoad issue, and possible other issues (including AdWare?)
Hi, I've fallen victim to an rogue anti-spyware program recently called 'Antimalware Doctor' I have gotten rid of the infection fully, but it seems I have many more issues (I'm not sure when they came, but they've been around..) also, when browsing the Internet, a new tab randomly opens up and redirects me to a random link, usually spam. I assume this is AdWare, but I'm not tech savy
Running a Spybot Search & Destroy scan, I found out my PC has things like Click.GiftLoad, the main issue; and others like virtumonde.sci and Win32.Muollo.
Here is a DDS Log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 22:54:03.12 on Fri 04/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.736.135 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gooogle.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\cpfbtxph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405728&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c882eb7&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-14 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-14 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-14 243024]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/14 17:44:15];c:\program files\cyberlink\powerdvd9\000.fcl [2009-8-28 87536]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-16 02:23:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-16 02:23:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-15 22:33:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2011-04-15 22:33:14 -------- d-----w- c:\program files\Security Task Manager
2011-04-15 08:39:43 -------- d-----w- C:\ad1a7802bb77c8f7813dc3863d84
2011-04-15 08:31:06 -------- dc----w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-15 08:00:01 -------- d-----w- c:\program files\CCleaner
2011-04-15 04:33:25 -------- d-----w- c:\docume~1\owner\applic~1\2607E910350D64C4EE0251A0CC2E2AF9
2011-04-14 01:28:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 01:28:01 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-14 01:28:01 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-14 01:28:01 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-14 01:28:01 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-14 01:28:01 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-14 01:28:00 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-14 01:28:00 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-08 08:00:35 -------- d-----w- C:\8ca0b83d688ede0de678dbf6e9
2011-04-02 23:52:01 -------- d-----w- c:\docume~1\owner\applic~1\NeopleLauncherDFO
2011-04-02 08:00:55 -------- d-----w- C:\209fa332027fefcf56
2011-03-27 07:48:50 -------- d-----w- C:\4c4e79c042e84df9ecff053247
2011-03-26 19:36:45 -------- d-----w- C:\1ec4696d64017a525ef37580d2f4be
2011-03-26 19:19:39 -------- d-----w- C:\6aeccf1a9a368f353ac227
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-00JHC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82B47439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82b4d7d0]; MOV EAX, [0x82b4d84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x82B9DAB8]
3 CLASSPNP[0xF780F05B] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000053[0x82B8AF18]
5 ACPI[0xF7785620] -> nt!IofCallDriver[0x804E13B9] -> [0x82BA2D98]
\Driver\atapi[0x82BA2318] -> IRP_MJ_CREATE -> 0x82B47439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BB-00JHC0______________________05.01C05#5&1020bedf&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x82B4727F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:56:33.68 ===============
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
What you removed, if its removed was just the tip of the iceburg, your infected with a Rootkit
Please download TDSSKiller.zip- Extract it to your desktop
- Double click TDSSKiller.exe
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
-
Hi ken545! Thank you for helping me out, here is a result of the TDSSKiller scan:
2011/04/17 21:16:45.0343 2912 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/17 21:16:45.0781 2912 ================================================================================
2011/04/17 21:16:45.0781 2912 SystemInfo:
2011/04/17 21:16:45.0781 2912
2011/04/17 21:16:45.0781 2912 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/17 21:16:45.0781 2912 Product type: Workstation
2011/04/17 21:16:45.0781 2912 ComputerName: OWNER-773CC470D
2011/04/17 21:16:45.0781 2912 UserName: Owner
2011/04/17 21:16:45.0781 2912 Windows directory: C:\WINDOWS
2011/04/17 21:16:45.0781 2912 System windows directory: C:\WINDOWS
2011/04/17 21:16:45.0781 2912 Processor architecture: Intel x86
2011/04/17 21:16:45.0781 2912 Number of processors: 1
2011/04/17 21:16:45.0781 2912 Page size: 0x1000
2011/04/17 21:16:45.0796 2912 Boot type: Normal boot
2011/04/17 21:16:45.0796 2912 ================================================================================
2011/04/17 21:16:46.0562 2912 Initialize success
2011/04/17 21:17:47.0265 2124 ================================================================================
2011/04/17 21:17:47.0265 2124 Scan started
2011/04/17 21:17:47.0265 2124 Mode: Manual;
2011/04/17 21:17:47.0265 2124 ================================================================================
2011/04/17 21:17:48.0796 2124 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/17 21:17:48.0937 2124 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/17 21:17:49.0109 2124 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/04/17 21:17:49.0250 2124 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/17 21:17:49.0875 2124 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/17 21:17:50.0000 2124 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/17 21:17:50.0140 2124 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/17 21:17:50.0234 2124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/17 21:17:50.0406 2124 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/04/17 21:17:50.0578 2124 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/04/17 21:17:50.0687 2124 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/04/17 21:17:50.0843 2124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/17 21:17:50.0937 2124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/17 21:17:51.0125 2124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/17 21:17:51.0234 2124 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/17 21:17:51.0359 2124 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/17 21:17:51.0656 2124 cmuda3 (b67d8b53e0292cfca4ab612b081e8460) C:\WINDOWS\system32\drivers\cmudax3.sys
2011/04/17 21:17:52.0000 2124 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/17 21:17:52.0171 2124 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/17 21:17:52.0312 2124 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/17 21:17:52.0421 2124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/17 21:17:52.0531 2124 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/17 21:17:52.0703 2124 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/17 21:17:53.0046 2124 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/17 21:17:53.0187 2124 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/17 21:17:53.0281 2124 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/17 21:17:53.0390 2124 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/17 21:17:53.0484 2124 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/17 21:17:53.0593 2124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/17 21:17:53.0687 2124 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/17 21:17:53.0812 2124 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/04/17 21:17:53.0937 2124 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/17 21:17:54.0062 2124 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/17 21:17:54.0187 2124 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/17 21:17:54.0500 2124 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/17 21:17:54.0796 2124 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/17 21:17:54.0890 2124 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/17 21:17:55.0156 2124 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/17 21:17:55.0250 2124 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/17 21:17:55.0343 2124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/17 21:17:55.0453 2124 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/17 21:17:55.0531 2124 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/17 21:17:55.0625 2124 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/17 21:17:55.0703 2124 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/17 21:17:55.0828 2124 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/17 21:17:55.0953 2124 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/17 21:17:56.0062 2124 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/17 21:17:56.0171 2124 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/17 21:17:56.0296 2124 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/17 21:17:56.0562 2124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/17 21:17:56.0718 2124 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/17 21:17:56.0828 2124 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/17 21:17:56.0937 2124 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/17 21:17:57.0031 2124 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/17 21:17:57.0203 2124 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/17 21:17:57.0343 2124 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/17 21:17:57.0562 2124 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/17 21:17:57.0687 2124 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/17 21:17:57.0859 2124 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/17 21:17:57.0953 2124 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/17 21:17:58.0093 2124 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/17 21:17:58.0187 2124 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/17 21:17:58.0296 2124 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/17 21:17:58.0437 2124 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/17 21:17:58.0578 2124 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/17 21:17:58.0671 2124 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/17 21:17:58.0750 2124 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/17 21:17:58.0875 2124 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/17 21:17:58.0953 2124 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/17 21:17:59.0187 2124 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/17 21:17:59.0296 2124 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/17 21:17:59.0484 2124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/17 21:17:59.0781 2124 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/17 21:18:00.0109 2124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/17 21:18:00.0187 2124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/17 21:18:00.0359 2124 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/17 21:18:00.0468 2124 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/17 21:18:00.0562 2124 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/17 21:18:00.0656 2124 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/17 21:18:00.0828 2124 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/17 21:18:00.0921 2124 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/17 21:18:01.0421 2124 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/17 21:18:01.0484 2124 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/17 21:18:01.0562 2124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/17 21:18:01.0687 2124 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/17 21:18:02.0093 2124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/17 21:18:02.0171 2124 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/17 21:18:02.0296 2124 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/17 21:18:02.0406 2124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/17 21:18:02.0531 2124 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/17 21:18:02.0640 2124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/17 21:18:02.0765 2124 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/17 21:18:02.0921 2124 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/17 21:18:03.0125 2124 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/17 21:18:03.0250 2124 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/17 21:18:03.0343 2124 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/17 21:18:03.0500 2124 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/17 21:18:03.0718 2124 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/04/17 21:18:03.0875 2124 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/17 21:18:04.0015 2124 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/17 21:18:04.0140 2124 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/17 21:18:04.0312 2124 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/17 21:18:04.0421 2124 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/17 21:18:04.0906 2124 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/17 21:18:05.0093 2124 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/17 21:18:05.0218 2124 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/17 21:18:05.0312 2124 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/17 21:18:05.0453 2124 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/17 21:18:05.0671 2124 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/04/17 21:18:05.0781 2124 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/17 21:18:06.0000 2124 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/17 21:18:06.0125 2124 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/17 21:18:06.0343 2124 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/17 21:18:06.0437 2124 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/17 21:18:06.0546 2124 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/17 21:18:06.0640 2124 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/17 21:18:06.0750 2124 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/17 21:18:06.0843 2124 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/17 21:18:06.0968 2124 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/17 21:18:07.0062 2124 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/17 21:18:07.0218 2124 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/17 21:18:07.0375 2124 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/17 21:18:07.0578 2124 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/17 21:18:07.0906 2124 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/17 21:18:08.0078 2124 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/17 21:18:08.0265 2124 {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD9\000.fcl
2011/04/17 21:18:08.0328 2124 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/17 21:18:08.0343 2124 ================================================================================
2011/04/17 21:18:08.0343 2124 Scan finished
2011/04/17 21:18:08.0343 2124 ================================================================================
2011/04/17 21:18:08.0390 3648 Detected object count: 1
2011/04/17 21:18:14.0187 3648 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/17 21:18:14.0187 3648 \HardDisk0 - ok
2011/04/17 21:18:14.0187 3648 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/17 21:18:18.0125 2900 Deinitialize success
-
Great, make sure you reboot your system for the fix to take and then lets do this
Please download ATF Cleaner by Atribune to your desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
-
Hi again Ken!
This is the result of the MBAM scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6366
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
4/18/2011 4:52:16 PM
mbam-log-2011-04-18 (16-52-16).txt
Scan type: Quick scan
Objects scanned: 184142
Time elapsed: 35 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Owner\my documents\downloads\svchostanalyzer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
and the next two scans from OTL will be next.
-
OTL Log:
OTL logfile created on: 4/18/2011 5:10:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
736.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.63 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
Computer Name: OWNER-773CC470D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/18 17:09:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(1).exe
PRC - [2011/03/18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/14 09:53:28 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 19:13:29 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 15:12:24 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 10:28:56 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 10:28:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 10:27:31 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/28 05:57:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/03/03 11:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/22 03:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/08/10 20:46:20 | 000,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\update\update.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/04/18 17:09:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(1).exe
MOD - [2004/08/04 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/15 10:28:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/22 03:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
========== Driver Services (SafeList) ==========
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/07/15 10:28:58 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 10:27:33 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 11:04:14 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 12:57:14 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/14 17:44:15] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008/03/03 18:25:00 | 001,405,632 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2004/08/03 18:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 17:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gooogle.com/
IE - HKU\S-1-5-21-507921405-1592454029-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-507921405-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Online Oryte Games Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405728&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/firefox"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c882eb7&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q="
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/03/24 21:52:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/13 20:28:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/13 20:27:59 | 000,000,000 | ---D | M]
[2010/07/29 15:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/29 15:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/14 18:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cpfbtxph.default\extensions
[2011/03/04 00:04:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cpfbtxph.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/15 19:59:27 | 000,000,000 | ---D | M] (Online Oryte Games Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cpfbtxph.default\extensions\{b4eeda34-67a2-4915-a821-4f22f093fec1}(2)
[2011/03/03 23:17:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cpfbtxph.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011/04/03 14:52:17 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cpfbtxph.default\extensions\adblockpopups@jessehakanen.net
[2011/04/03 14:52:17 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cpfbtxph.default\extensions\elemhidehelper@adblockplus.org
[2010/08/15 19:57:07 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cpfbtxph.default\extensions\toolbar@alot(2).com
[2010/08/05 21:43:12 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cpfbtxph.default\searchplugins\conduit.xml
[2011/04/13 20:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/06 22:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/20 12:11:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CPFBTXPH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/03/24 21:52:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/06/06 22:21:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/04/15 22:06:08 | 000,431,550 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14880 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-507921405-1592454029-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-1592454029-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-507921405-1592454029-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-507921405-1592454029-725345543-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/14 11:49:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/18 16:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\CyberLink PowerDVD 9
[2011/04/17 21:15:51 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/04/15 21:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/15 21:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/15 21:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/15 17:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/04/15 17:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/04/15 17:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011/04/15 03:39:43 | 000,000,000 | ---D | C] -- C:\ad1a7802bb77c8f7813dc3863d84
[2011/04/15 03:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2011/04/15 03:10:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/04/15 03:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/15 03:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/14 23:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/14 23:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/14 23:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/14 23:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\2607E910350D64C4EE0251A0CC2E2AF9
[2011/04/08 03:00:35 | 000,000,000 | ---D | C] -- C:\8ca0b83d688ede0de678dbf6e9
[2011/04/06 18:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Genesis
[2011/04/02 18:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NeopleLauncherDFO
[2011/04/02 03:00:55 | 000,000,000 | ---D | C] -- C:\209fa332027fefcf56
[2011/03/27 02:48:50 | 000,000,000 | ---D | C] -- C:\4c4e79c042e84df9ecff053247
[2011/03/26 14:36:45 | 000,000,000 | ---D | C] -- C:\1ec4696d64017a525ef37580d2f4be
[2011/03/26 14:19:39 | 000,000,000 | ---D | C] -- C:\6aeccf1a9a368f353ac227
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/18 16:58:40 | 000,181,020 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/18 16:57:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 16:12:43 | 074,791,603 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/17 21:20:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/16 23:57:43 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/15 22:43:51 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/15 22:06:08 | 000,431,550 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/15 21:23:40 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/15 21:23:40 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/15 21:22:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/15 07:47:01 | 000,419,882 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 07:47:01 | 000,064,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 03:00:07 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/14 23:48:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 21:26:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/13 20:28:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/13 20:28:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/13 00:36:16 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/01 15:07:30 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/15 22:43:50 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/15 21:23:40 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/15 21:23:40 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/15 03:00:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/14 23:48:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 20:28:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/01 15:07:30 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2011/01/16 22:34:18 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/19 17:41:21 | 000,000,084 | ---- | C] () -- C:\WINDOWS\Cookie.INI
[2010/08/21 19:23:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/28 16:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/14 17:49:30 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 13:08:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.dll
[2010/05/14 13:08:49 | 000,000,199 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2010/05/14 13:07:59 | 000,003,091 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2010/05/14 13:07:56 | 000,000,012 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2010/05/14 12:43:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/14 11:51:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 11:45:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/14 06:38:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/14 06:37:15 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,419,882 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,064,296 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011/04/15 04:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/05/14 13:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/04 08:10:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/12 11:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/06/04 08:48:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/06/18 20:13:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2010/06/04 08:32:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/04/07 20:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/11/11 19:09:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/06/04 08:32:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2011/03/14 09:55:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/17 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/11 18:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/05/14 17:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/04/15 17:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/11/11 18:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/05/14 17:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/06/10 18:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/29 15:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/15 03:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2010/10/11 18:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2011/04/14 23:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\2607E910350D64C4EE0251A0CC2E2AF9
[2010/11/11 19:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/10/22 16:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Eltima Software
[2010/11/18 01:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/12/20 03:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2011/04/02 18:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NeopleLauncherDFO
[2010/12/16 00:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/09/14 16:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuxPaint
[2010/07/31 17:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VirtualStore
========== Purity Check ==========
< End of report >
Extras Log:
OTL Extras logfile created on: 4/18/2011 5:10:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
736.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.63 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
Computer Name: OWNER-773CC470D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-507921405-1592454029-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Documents and Settings\Owner\Desktop\Genesis\Fusion.exe" = C:\Documents and Settings\Owner\Desktop\Genesis\Fusion.exe:*:Enabled:Fusion -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Nexon\DFO\DFO.exe" = C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon & Fighter -- (neople)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = PowerDVD
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aiprosoft Total Video Converter" = Aiprosoft Total Video Converter
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"C-Media PCI Sound" = AUZEN X-Plosion 7.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DFO" = DFOLauncher
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"Fripple Cookies" = Edmark Fripple Cookies
"ie8" = Windows Internet Explorer 8
"InstallShield_{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = CyberLink PowerDVD 9
"Jellybean Hunt" = Edmark Jellybean Hunt
"LimeWire" = LimeWire 5.5.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"Security Task Manager" = Security Task Manager 1.8c
"SystemRequirementsLab" = System Requirements Lab
"TuneXP_1.5" = TuneXP 1.5
"Tux Paint_is1" = Tux Paint 0.9.21
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/15/2011 9:50:45 AM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.
Error - 4/15/2011 6:35:23 PM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.
Error - 4/15/2011 6:36:31 PM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x000449df.
Error - 4/15/2011 8:14:11 PM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.
Error - 4/15/2011 9:58:14 PM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.
Error - 4/16/2011 12:21:23 AM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.
Error - 4/16/2011 10:29:04 PM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.
Error - 4/17/2011 3:18:24 AM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.
Error - 4/17/2011 12:11:53 PM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.
Error - 4/17/2011 8:56:33 PM | Computer Name = OWNER-773CC470D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10e.ocx, version 10.0.45.2, fault address 0x0014453c.
[ System Events ]
Error - 4/15/2011 8:09:32 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:32 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:32 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:32 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:32 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:32 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:33 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:33 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:33 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/15/2011 8:09:33 PM | Computer Name = OWNER-773CC470D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
< End of report >
-
Hi,
Looking at Ask Toolbar, here is some info, your call to keep it or not
* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to user's browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.
Anymore redirects ?
Download CKScanner by askey127 from Here & save it to your Desktop. - Doubleclick CKScanner.exe then click Search For Files
- When the cursor hourglass disappears, click Save List To File
- A message box will verify the file saved
- Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
-
Hi Ken, I was actually not aware I had Ask installed on my PC. I usually never use IE, so it wouldn't show on Firefox. I have removed it since your last post, however I cannot seem to find the CKScript.txt file on my PC, it isn't saved to my desktop as it stated.
-
Oh, my bad. I found it now; it was hidden in my Downloads folder, here is the contents.
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.AP.11
----- EOF -----
-
Hi,
c:\program files\gimp-2.0 <-- Looks like you have a cracked illegal copy of this program on your system, besides it being illegal, downloading Cracked/Keygens/Warez software is the fastest way of infecting your system as about 100% of illegal software is infected.
We do not support the use of illegal software, if I was to continue helping you it could be construed in the eyes of the law as aiding and abetting a crime.
If you want to continue you will have to uninstall it and then run CKScanner again and post a new log
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
