
Thread: Case of "IDP.Trojan.1C8D1A13 and Crypt.AQLW"

  1. #11
    Junior Member (Join Date: Apr 2012, Posts: 22)

    Sure did!

    What now?

  2. #12
    Security Expert jeffce (Join Date: Apr 2011, Location: USA, Posts: 1,038)

    Hi,

    Run a new scan with OTL and post that so we can see how the fix went.

  3. #13
    Junior Member (Join Date: Apr 2012, Posts: 22)

    Here you go.

    OTL logfile created on: 4/11/2012 4:07:44 PM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Belle\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.21% Memory free
    6.22 Gb Paging File | 4.97 Gb Available in Paging File | 79.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 280.06 Gb Total Space | 188.57 Gb Free Space | 67.33% Space Free | Partition Type: NTFS

    Computer Name: MAEIR_NEW | User Name: Belle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Belle\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
    PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    PRC - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
    PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
    MOD - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    MOD - C:\Windows\System32\IcnOvrly.dll ()
    MOD - C:\Program Files\Lenovo\VeriFaceIII\Time.dll ()
    MOD - C:\Program Files\Lenovo\Healthcare\Health.dll ()
    MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
    MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (ZTEusbser6k) -- %systemroot%\system32\RioS30.dll File not found
    SRV - (z525mgmt) -- %systemroot%\system32\sdhelper.dll File not found
    SRV - (Xponaut_WBD) -- %systemroot%\system32\lvusbsta.dll File not found
    SRV - (Winmgmt) -- %SystemRoot%\system32\wbem\WMIsvc.dllHttpAutoProxySvc\Parameters File not found
    SRV - (wdelmgr20) -- %systemroot%\system32\cccredmgr.dll File not found
    SRV - (wceusbsh) -- %systemroot%\system32\PNDIS5.dll File not found
    SRV - (w800obex) -- %systemroot%\system32\eamon.dll File not found
    SRV - (VX1000) -- %systemroot%\system32\dphost.dll File not found
    SRV - (vrservice) -- %systemroot%\system32\PGPdisk.dll File not found
    SRV - (vetfddnt) -- %systemroot%\system32\ICAM3NT5.dll File not found
    SRV - (VAIOMediaPlatform-MusicServer-HTTP) -- %systemroot%\system32\fsaua.dll File not found
    SRV - (USRpdA) -- %systemroot%\system32\qhwscsvc.dll File not found
    SRV - (ups) -- %systemroot%\system32\cccredmgr.dll File not found
    SRV - (UMAXPCLS) -- %systemroot%\system32\npkcusb.dll File not found
    SRV - (UBHelper) -- %systemroot%\system32\p3.dll File not found
    SRV - (THREADORDER) -- %SystemRoot%\system32\mmcss.dlll File not found
    SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe File not found
    SRV - (symmpi) -- %systemroot%\system32\sansaservice.dll File not found
    SRV - (SrvcSSIOMngr) -- %systemroot%\system32\btwaudio.dll File not found
    SRV - (srescan) -- %systemroot%\system32\tabletservice.dll File not found
    SRV - (SndTDriverV32) -- %systemroot%\system32\gagp30kx.dll File not found
    SRV - (SiS7018) -- %systemroot%\system32\i8042prt.dll File not found
    SRV - (ShellHWDetection) -- %SystemRoot%\System32\shsvcs.dlls\ShellHWDetection\Parameters File not found
    SRV - (sfhlp02) -- %systemroot%\system32\idechndr.dll File not found
    SRV - (serialkeys) -- %systemroot%\system32\USBCamera.dll File not found
    SRV - (ser2plms) -- %systemroot%\system32\s116mdfl.dll File not found
    SRV - (SE2Emdfl) -- %systemroot%\system32\avsvcmonitor.dll File not found
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (retrolauncher) -- %systemroot%\system32\AYDrvNT_ALYAC.dll File not found
    SRV - (regmanserv) -- %systemroot%\system32\NuidFltr.dll File not found
    SRV - (QWAVE) -- %windir%\system32\qwave.dlldc.exe File not found
    SRV - (PTDCMdm) -- %systemroot%\system32\ctxcpusched.dll File not found
    SRV - (phc600) -- %systemroot%\system32\SaiH040B.dll File not found
    SRV - (pelusblf) -- %systemroot%\system32\Wpsnuio.dll File not found
    SRV - (patrol_scheduler) -- %systemroot%\system32\mscsptisrv.dll File not found
    SRV - (NxSysMon) -- %systemroot%\system32\atkkeyboardservice.dll File not found
    SRV - (NWADI) -- %systemroot%\system32\SE2Dmgmt.dll File not found
    SRV - (ntrtscan) -- %systemroot%\system32\client32.dll File not found
    SRV - (MRESP50a64) -- %systemroot%\system32\RVIEG01.dll File not found
    SRV - (MRESP50) -- %systemroot%\system32\savscan.dll File not found
    SRV - (mcdbus) -- %systemroot%\system32\pop3d32.dll File not found
    SRV - (LVRS) -- %systemroot%\system32\se58mdm.dll File not found
    SRV - (lvhidsvc) -- %systemroot%\system32\WinVd32.dll File not found
    SRV - (iwebcal) -- %systemroot%\system32\MSMQ.dll File not found
    SRV - (ICAM5USB) -- %systemroot%\system32\commserver.dll File not found
    SRV - (gtndis5) -- %systemroot%\system32\aspi32.dll File not found
    SRV - (GTF32BUS) -- %systemroot%\system32\lvmvdrv.dll File not found
    SRV - (GT890x) -- %systemroot%\system32\Intels51.dll File not found
    SRV - (FVNETusb) -- %systemroot%\system32\LC7981.dll File not found
    SRV - (fsma) -- %systemroot%\system32\T6963C.dll File not found
    SRV - (Evian) -- %systemroot%\system32\nim32.dll File not found
    SRV - (emu10k1) -- %systemroot%\system32\se59unic.dll File not found
    SRV - (EACSys) -- %systemroot%\system32\se58nd5.dll File not found
    SRV - (DynDNS_Updater_Service) -- %systemroot%\system32\MSFWHLPR.dll File not found
    SRV - (dladresm) -- %systemroot%\system32\qfcoresvc.dll File not found
    SRV - (DivisCTS) -- %systemroot%\system32\mqdmmdfl.dll File not found
    SRV - (dashsvc) -- %systemroot%\system32\avg7alrt.dll File not found
    SRV - (cypresslink) -- %systemroot%\system32\pdiddcci.dll File not found
    SRV - (ctljystk) -- %systemroot%\system32\fips.dll File not found
    SRV - (cqmgserv) -- %systemroot%\system32\PdiPorts.dll File not found
    SRV - (cqcpu) -- %systemroot%\system32\btserial.dll File not found
    SRV - (cdrbsdrv) -- %systemroot%\system32\slave.dll File not found
    SRV - (cachemgr) -- %systemroot%\system32\BCM43XV.dll File not found
    SRV - (ATIVXSTW) -- %systemroot%\system32\omsad.dll File not found
    SRV - (arcltsrv) -- %systemroot%\system32\EACSvrMngr.dll File not found
    SRV - (agnwifi) -- %systemroot%\system32\contentfilter.dll File not found
    SRV - (a016mdm) -- %systemroot%\system32\ikfilesec.dll File not found
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (OKAV Agent Service) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
    SRV - (WINDEFEND) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (catchme) -- C:\Users\Belle\AppData\Local\Temp\catchme.sys File not found
    DRV - (BVRPMPR5) -- C:\Windows\system32\drivers\BVRPMPR5.SYS File not found
    DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
    DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
    DRV - (WinI2C-DDC) -- C:\Windows\System32\drivers\ddcdrv.sys (Nicomsoft Ltd.)
    DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys ()
    DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
    DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{20CB2A00-D282-4C69-B6AF-07FE9F69B835}: "URL" = http://www.ant.com/search?s=browser&q={searchTerms}
    IE - HKCU\..\SearchScopes\{5D395B13-5CD2-4BF8-A77B-D8A043EE7C35}: "URL" = http://search.avg.com/route/?d=4cdf1a31&v=6.10.23.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
    IE - HKCU\..\SearchScopes\{F210D498-6131-45D7-91C7-F82B692C7552}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Belle\Program Files\DNA\plugins\npbtdna.dll File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:54:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/06 23:05:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 09:12:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Belle\Program Files\DNA
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]

    [2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shuki\AppData\Roaming\Mozilla\Extensions
    [2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2012/04/09 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions
    [2012/03/06 23:45:23 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions\anttoolbar@ant.com
    [2012/04/01 11:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/01 11:33:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/03/06 23:05:29 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/04/09 12:42:11 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\BELLE\APPDATA\ROAMING\IDM\IDMMZCC5
    () (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
    () (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
    [2012/03/19 09:12:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    Hosts file not found
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Unattend0000000001{630DEC53-CECA-49A3-896C-B064A4DC05AA}] C:\Windows\test.bat File not found
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Co...erAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.3.0)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A783B15E-6FC6-407F-A9B9-EA185603CF5E}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/11 00:41:38 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\Unity
    [2012/04/10 22:37:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/04/10 21:12:24 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\temp
    [2012/04/10 21:12:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/10 20:36:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/10 20:36:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/10 20:36:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/10 20:36:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/10 20:36:38 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/04/10 20:30:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/10 20:25:48 | 004,455,939 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\ComboFix.exe
    [2012/04/10 15:24:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
    [2012/04/09 17:57:01 | 000,000,000 | ---D | C] -- C:\ERDNT
    [2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/04/09 17:55:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
    [2012/04/09 16:55:40 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2012/04/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
    [2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\IDM
    [2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\DMCache
    [2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2012/04/09 12:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
    [2012/04/09 12:40:46 | 004,489,152 | ---- | C] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
    [2012/04/09 11:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
    [2012/04/09 11:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/04/09 11:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
    [2012/04/09 11:07:03 | 000,000,000 | ---D | C] -- C:\codec-info
    [2012/04/09 11:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/04/04 13:13:38 | 000,023,376 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
    [2012/04/04 13:13:26 | 000,546,640 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
    [2012/04/04 13:13:22 | 000,481,104 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
    [2012/04/02 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\Belle\Documents\NetBeansProjects
    [2012/04/02 17:22:19 | 000,000,000 | ---D | C] -- C:\Users\Belle\.m2
    [2012/04/02 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Belle\.netbeans
    [2012/04/02 17:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
    [2012/04/02 17:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.1.1
    [2012/04/02 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/04/02 17:05:57 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012/04/02 17:05:57 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/04/02 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\.nbi
    [2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/04/01 04:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
    [2012/03/29 22:20:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Malwarebytes
    [2012/03/29 22:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/29 22:20:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/29 16:36:48 | 000,072,080 | ---- | C] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
    [2012/03/16 07:08:36 | 000,091,936 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
    [2012/03/15 08:17:39 | 000,000,000 | ---D | C] -- C:\Users\Belle\Desktop\Agile

    ========== Files - Modified Within 30 Days ==========

    [2012/04/11 16:10:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B4A8E5D0-2834-4498-8E6B-E9DD1D4D46E4}.job
    [2012/04/11 16:07:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7B6FDF8-737B-4CD3-AC18-9B0AFF415412}.job
    [2012/04/11 16:00:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
    [2012/04/11 15:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005UA.job
    [2012/04/11 15:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/11 15:08:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/11 15:08:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/11 14:04:31 | 000,000,680 | ---- | M] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
    [2012/04/11 12:26:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/11 11:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005Core.job
    [2012/04/11 11:08:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/11 10:53:31 | 000,056,320 | ---- | M] () -- C:\Users\Belle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/11 10:25:12 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/04/11 08:48:15 | 094,521,641 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/04/10 23:22:04 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2012/04/10 23:22:04 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2012/04/10 23:21:46 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2012/04/10 20:26:02 | 004,455,939 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\ComboFix.exe
    [2012/04/10 17:49:12 | 000,355,579 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/04/10 16:38:26 | 000,741,758 | ---- | M] () -- C:\Users\Belle\Desktop\Tuvya Maeir Health Form.pdf
    [2012/04/10 16:03:34 | 000,000,512 | ---- | M] () -- C:\Users\Belle\Documents\MBR.dat
    [2012/04/10 15:33:25 | 000,749,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/10 15:33:25 | 000,159,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/10 15:24:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
    [2012/04/09 17:56:31 | 000,000,714 | ---- | M] () -- C:\Users\Belle\Desktop\ERUNT.lnk
    [2012/04/09 17:55:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
    [2012/04/09 17:29:10 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2012/04/09 12:40:58 | 004,489,152 | ---- | M] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
    [2012/04/09 11:17:57 | 000,000,237 | ---- | M] () -- C:\user.js
    [2012/04/08 22:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2012/04/05 13:32:52 | 007,131,152 | ---- | M] () -- C:\Users\Belle\Desktop\w_infk15.pdf
    [2012/04/04 13:13:38 | 000,023,376 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
    [2012/04/04 13:13:26 | 000,546,640 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
    [2012/04/04 13:13:22 | 000,481,104 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
    [2012/04/02 17:13:38 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
    [2012/04/02 17:05:11 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012/04/02 17:05:11 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/04/02 17:05:11 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/04/01 11:32:48 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/03/29 22:20:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/29 16:36:48 | 000,072,080 | ---- | M] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
    [2012/03/27 14:51:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/03/22 22:23:52 | 000,027,436 | ---- | M] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
    [2012/03/22 22:23:45 | 000,037,754 | ---- | M] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf

    ========== Files Created - No Company Name ==========

    [2012/04/10 20:36:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/10 20:36:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/10 20:36:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/10 20:36:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/10 20:36:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/10 16:38:26 | 000,741,758 | ---- | C] () -- C:\Users\Belle\Desktop\Tuvya Maeir Health Form.pdf
    [2012/04/10 16:03:34 | 000,000,512 | ---- | C] () -- C:\Users\Belle\Documents\MBR.dat
    [2012/04/09 17:56:31 | 000,000,714 | ---- | C] () -- C:\Users\Belle\Desktop\ERUNT.lnk
    [2012/04/09 17:26:31 | 000,000,408 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2012/04/09 11:17:56 | 000,000,237 | ---- | C] () -- C:\user.js
    [2012/04/05 13:32:15 | 007,131,152 | ---- | C] () -- C:\Users\Belle\Desktop\w_infk15.pdf
    [2012/04/02 17:13:38 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
    [2012/03/29 22:20:02 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/22 22:23:52 | 000,027,436 | ---- | C] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
    [2012/03/22 22:23:45 | 000,037,754 | ---- | C] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf
    [2012/02/02 11:06:21 | 000,000,680 | ---- | C] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
    [2011/09/18 11:28:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2011/04/23 20:20:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/23 20:20:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2010/09/22 07:51:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    < End of report >

  4. #14
    Security Expert jeffce's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Malwarebytes

    I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
    ----------

    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on:
    • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
    ----------

    In your next reply please post the logs made by Malwarebytes and ESET online scanner.

  5. #15
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    First part:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.09.06

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Belle :: MAEIR_NEW [administrator]

    4/12/2012 10:09:02 AM
    mbam-log-2012-04-12 (10-09-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238332
    Time elapsed: 5 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  6. #16
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    Quote Originally Posted by jmaeir View Post
    First part:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.09.06
    (end)

    IGNORE - forgot to update, doing that now

  7. #17
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=6d52e5210fe6144691d196158079cf01
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-04-12 08:33:33
    # local_time=2012-04-12 04:33:33 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6001 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 99433848 99433848 0 0
    # compatibility_mode=1032 16777213 100 96 0 77310385 0 0
    # compatibility_mode=5892 16776574 100 100 43771722 170861769 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=313129
    # found=3
    # cleaned=0
    # scan_time=8572
    C:\Qoobox\Quarantine\C\Windows\System32\helpsvc.dll.vir Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Windows\System32\drivers\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

  8. #18
    Security Expert jeffce's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Right-click and Run as Administrator SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *netbt.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  9. #19
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.12.08

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Belle :: MAEIR_NEW [administrator]

    4/12/2012 5:25:15 PM
    mbam-log-2012-04-12 (17-25-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 240766
    Time elapsed: 5 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  10. #20
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:52 on 12/04/2012 by Belle
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*netbt.sys"
    C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [11:28 24/09/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
    C:\Windows\System32\drivers\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8

    -= EOF =-

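    The SystemLook request in post #18 and the filefind output in post #20 exist to put the live C:\Windows\System32\drivers\netbt.sys beside its WinSxS backup copy and compare size and MD5. As an added example (not SystemLook's own code and not something posted in this thread), the Python script below parses SystemLook filefind output and reports, for each live System32 copy, whether it matches a WinSxS backup. The first input reuses the three result lines from the posted log; the second is a constructed, hypothetical mismatch with an invented hash and size. The meaning of the two bracketed timestamps is not stated on the page, so they are kept as an unlabelled pair.

```python
"""Parse SystemLook ':filefind' output and compare every copy of a file by MD5.

Added example, not SystemLook's code. Given a filefind log, bucket each hit as
the live System32 file, a WinSxS backup, or a SoftwareDistribution download,
then say whether the live copy's hash matches a WinSxS backup.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Constructed sample input. The three result lines are taken from the
# SystemLook log posted in this thread; header/footer follow SystemLook's layout.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 17:52 on 12/04/2012 by Belle
Administrator - Elevation successful

========== filefind ==========

Searching for "*netbt.sys"
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [11:28 24/09/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\drivers\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8

-= EOF =-
"""

# Constructed hypothetical case: the live driver no longer matches its WinSxS
# backup. The live copy's size and MD5 here are invented for illustration.
TAMPERED_LOG = r"""========== filefind ==========

Searching for "*netbt.sys"
C:\Windows\System32\drivers\netbt.sys --a---- 184832 bytes [02:24 21/01/2008] [09:12 09/04/2012] 0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8

-= EOF =-
"""

# One result line: path, 7-char attribute flags, size, two timestamps, MD5.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# WinSxS / SoftwareDistribution component folder names embed the file version.
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def location_of(path: str) -> str:
    """Bucket a hit: 'winsxs' backup, 'softwaredistribution' download,
    'system32' live file, or 'other'. Order matters: WinSxS paths are checked
    first so they are never mistaken for the live copy."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "winsxs"
    if "\\softwaredistribution\\" in p:
        return "softwaredistribution"
    if "\\system32\\" in p:
        return "system32"
    return "other"


def parse_filefind(text: str) -> list[dict]:
    """Return one dict per result line inside the filefind section."""
    records: list[dict] = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("========== filefind"):
            in_section = True
            continue
        if line.startswith("-= EOF =-"):
            break
        if not in_section:
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # 'Searching for' line, blanks, etc.
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        rec["location"] = location_of(rec["path"])
        v = VERSION_RE.search(rec["path"])
        rec["version"] = v.group(1) if v else None
        records.append(rec)
    return records


def compare_copies(records: list[dict]) -> dict:
    """For each live System32 copy, report whether its MD5 matches any WinSxS
    backup. A mismatch means the live file was changed outside servicing and
    deserves a closer look; a match only proves the two copies are identical
    bytes, not that either is clean (both were flagged in this thread)."""
    by_md5: dict[str, list[str]] = defaultdict(list)
    for r in records:
        by_md5[r["md5"]].append(r["path"])
    winsxs_hashes = {r["md5"] for r in records if r["location"] == "winsxs"}
    verdicts: dict[str, str] = {}
    for r in records:
        if r["location"] != "system32":
            continue
        if r["md5"] in winsxs_hashes:
            verdicts[r["path"]] = "matches_winsxs"
        elif winsxs_hashes:
            verdicts[r["path"]] = "differs_from_winsxs"
        else:
            verdicts[r["path"]] = "no_winsxs_copy"
    return {"by_md5": dict(by_md5), "verdicts": verdicts}


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("constructed tampered case", TAMPERED_LOG)):
        result = compare_copies(parse_filefind(log))
        print(name)
        for path, verdict in result["verdicts"].items():
            print(f"  {verdict:20} {path}")
```

    On the posted log the live driver and the WinSxS 6.0.6001.18000 copy share one hash, so the comparison is inconclusive on its own and the file needs to be checked against a reference from outside the machine; the SoftwareDistribution copy is a different version (6.0.6002.18005) and is not a valid baseline for the live 6.0.6001 file.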