
Thread: IDP.Trojan.1C8D1A13 & Crypt.AQLW

  1. #41
    Member
    Join Date
    Apr 2012
    Posts
    42

    OK, ran it. When the PC rebooted, this opened in Notepad:
    04292012_124540.log (can't find the OTL fix log?). Hope this is what you're after?

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Cameron
    ->Temp folder emptied: 858108 bytes
    ->Temporary Internet Files folder emptied: 35920 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 5411840 bytes
    ->Flash cache emptied: 0 bytes

    User: Cameron.old
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109563 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

  2. #42
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jacknjaspa,

    Yes that's the log. Carry on with the ESET scan.
    Member of UNITE and ASAP

  3. #43
    Member
    Join Date
    Apr 2012
    Posts
    42

    OK, here's the file. FYI, when I enabled AVG again, 5 alerts popped up (I didn't run a scan).


    C:\Documents and Settings\Cameron\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
    C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\DRB0076F\download-k_4.3%20hack%20pack[2].html HTML/Hoax.FastDownload.A.Gen application
    C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\access-denied[2].html HTML/Hoax.FastDownload.A.Gen application
    C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\checkout[1].html HTML/Hoax.FastDownload.A.Gen application
    C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\en[1].txt HTML/Hoax.FastDownload.A.Gen application
    C:\Documents and Settings\Cameron\My Documents\Manuals\installer_sony_vegas_pro_9_0e_(32_bits)_English.exe.download Win32/Toggle application
    C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir a variant of Win32/FunWeb.AA application
    C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078648.dll Win32/Toolbar.Babylon application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078649.dll Win32/Toolbar.Babylon application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078650.dll a variant of Win32/Toolbar.Babylon application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078651.dll Win32/Toolbar.Babylon application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078653.exe probably a variant of Win32/Toolbar.Babylon application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP408\A0092088.exe a variant of Win32/Toolbar.SearchSuite application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092166.dll Win32/Toolbar.SearchSuite application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092167.dll Win32/Toolbar.SearchSuite application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092168.dll Win32/Toolbar.SearchSuite application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092169.dll Win32/Toolbar.SearchSuite application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095575.DLL a variant of Win32/FunWeb.AA application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095576.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095577.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP418\A0097765.exe Win32/Adware.MarketScore.A application
    C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP418\A0098233.exe a variant of Win32/SoftonicDownloader.A application
    C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
    C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
    C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan
    C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan
    C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan
    C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0002\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
    C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
    C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
    C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
    C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0002\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
    C:\TDSSKiller_Quarantine\26.04.2012_06.48.21\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
    C:\TDSSKiller_Quarantine\26.04.2012_22.07.36\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan

  4. #44
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jacknjaspa,

    Most of the ESET detections are files we have quarantined or are in old system restore points. These will be removed when we remove the tools.

    Where were the AVG detections?


    Open OTL, check the box beside "scan all users" and click Run Scan. Please post the log.
    Member of UNITE and ASAP
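
    The triage rule in the reply above (detections sitting in our quarantine folders or in old System Restore points are inert and go away when the tools are removed, so only the remaining hits need a closer look) can be applied mechanically to an ESET detection list. The script below is an added example, not a tool from this thread or from ESET; the bucket names, the folder patterns and the detection-name prefixes it anchors on are its own assumptions, and its sample input is a subset of the ESET lines posted in #43.

```python
"""Bucket an ESET detection list by where each detected file lives.

Added example (not the thread's or ESET's own tooling). It encodes the
helper's triage rule: hits inside cleanup-tool quarantine folders or old
System Restore points are inert; everything else deserves a question.
Bucket names, folder patterns and name prefixes are assumptions.
"""
import re
from collections import defaultdict

# One ESET line reads "<path> [qualifier] <detection name> <category>".
# Paths contain spaces, so the path is matched non-greedily and the line is
# anchored on the detection-name prefix (Win32/, HTML/, ...) and on the
# trailing category word. Both lists are assumptions drawn from the
# families visible in the posted log.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>(?:Win32|Win64|HTML|JS|MSIL|Java)/\S+)\s+"
    r"(?P<category>application|trojan|worm|virus|adware|backdoor)$"
)

# Ordered rules; the first match wins and "live" is the catch-all.
# Qoobox is ComboFix's quarantine, TDSSKiller_Quarantine is TDSSKiller's.
LOCATION_RULES = [
    ("quarantine", re.compile(r"^C:\\(?:Qoobox|TDSSKiller_Quarantine)\\", re.I)),
    ("restore_point", re.compile(r"^C:\\System Volume Information\\_restore\{", re.I)),
    ("browser_cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("live", None),
]

# Buckets the helper's rule treats as inert.
INERT = {"quarantine", "restore_point"}

# Constructed input: a subset of the ESET lines from post #43.
SAMPLE_LINES = [
    r"C:\Documents and Settings\Cameron\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application",
    r"C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\checkout[1].html HTML/Hoax.FastDownload.A.Gen application",
    r"C:\Documents and Settings\Cameron\My Documents\Manuals\installer_sony_vegas_pro_9_0e_(32_bits)_English.exe.download Win32/Toggle application",
    r"C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir a variant of Win32/FunWeb.AA application",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir Win32/Sirefef.DA trojan",
    r"C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078648.dll Win32/Toolbar.Babylon application",
    r"C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan",
]


def parse_line(line):
    """Return the fields of one detection line as a dict, or None if it does not parse."""
    m = DETECTION_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Map a detected file's path to a location bucket (first matching rule wins)."""
    for bucket, pattern in LOCATION_RULES:
        if pattern is None or pattern.search(path):
            return bucket


def triage(lines):
    """Group detections by bucket; non-empty lines that do not parse go to 'unparsed'."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            if line.strip():
                buckets["unparsed"].append(line.strip())
            continue
        rec["bucket"] = classify(rec["path"])
        buckets[rec["bucket"]].append(rec)
    return buckets


def needs_attention(lines):
    """Detections outside the inert buckets: the ones worth asking the poster about."""
    return [rec for bucket, recs in triage(lines).items()
            if bucket not in INERT and bucket != "unparsed"
            for rec in recs]


if __name__ == "__main__":
    for bucket, recs in triage(SAMPLE_LINES).items():
        print(f"{bucket}: {len(recs)}")
    print("needs attention:")
    for rec in needs_attention(SAMPLE_LINES):
        print(f"  {rec['category']:<11} {rec['name']:<28} {rec['path']}")
```

    Run as-is it prints the per-bucket counts for the sample and then lists the three hits that are neither quarantined nor in a restore point. To use it on a full log, feed the pasted lines to `triage()`; add a rule to `LOCATION_RULES` for any other cleaner's quarantine folder you recognise, and check the `unparsed` bucket so a line with an unexpected category word is not silently dropped.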

  5. #45
    Member
    Join Date
    Apr 2012
    Posts
    42

    This is what AVG is detecting:

    File name c\windows\system32\snapman380.dll
    Threat name idp.trojan.1c8d1a13

  6. #46
    Member
    Join Date
    Apr 2012
    Posts
    42

    OTL logfile created on: 29/04/2012 10:21:31 PM - Run 3
    OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.36% Memory free
    4.87 Gb Paging File | 3.64 Gb Available in Paging File | 74.78% Paging File free
    Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 30.72 Gb Free Space | 10.31% Space Free | Partition Type: NTFS
    Drive D: | 0.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive G: | 149.05 Gb Total Space | 75.93 Gb Free Space | 50.95% Space Free | Partition Type: NTFS

    Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Cameron\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\POWERISO\PWRISOVM.EXE (Power Software Ltd)
    PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
    PRC - C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)
    PRC - C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
    PRC - C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
    PRC - C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
    PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
    PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    PRC - C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\acs.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Safari\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Safari\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Program Files\FingerPrint\libcups2.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\Primomonnt.dll ()
    MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
    MOD - C:\Program Files\WinZip\UNRAR.DLL ()
    MOD - C:\Program Files\WinZip\LHA.DLL ()
    MOD - C:\WINDOWS\system32\acs.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
    SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (FingerPrint) -- C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\Cameron\LOCALS~1\Temp\catchme.sys File not found
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (Power Software Ltd)
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
    DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
    DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (AR5211) -- C:\WINDOWS\system32\drivers\WG311T13.sys (Atheros Communications, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {D712F12C-ABCF-4523-8C25-371D9A76CF65}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{D712F12C-ABCF-4523-8C25-371D9A76CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\SearchScopes,DefaultScope = {D712F12C-ABCF-4523-8C25-371D9A76CF65}
    IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\SearchScopes\{D712F12C-ABCF-4523-8C25-371D9A76CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GB
    IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Cameron\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:34:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox

    [2012/02/19 18:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cameron\Application Data\Mozilla\Extensions

    O1 HOSTS File: ([2012/04/28 09:18:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
    O4 - Startup: C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagi...eUploader5.cab (Image Uploader Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9210D3-7F9C-40FF-9F7F-CF323A108DC8}: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009}: DhcpNameServer = 10.1.1.1
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/03 19:25:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/29 15:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Hack Pack 4.3
    [2012/04/29 13:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\PowerISO
    [2012/04/29 13:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PowerISO
    [2012/04/29 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\POWERISO
    [2012/04/29 13:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Mario.and.Sonic.at.the.London.2012.Olympic.Games.PAL.Wii-GLoBAL
    [2012/04/29 13:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\MagicDisc
    [2012/04/29 13:06:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012/04/29 13:06:36 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
    [2012/04/29 12:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/04/29 12:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\New Folder
    [2012/04/29 12:18:01 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/04/29 12:18:00 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/04/29 12:18:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/04/29 12:17:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/04/29 12:17:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/04/29 12:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics
    [2012/04/29 12:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\WinRAR
    [2012/04/29 12:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
    [2012/04/29 11:36:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/04/29 08:15:48 | 000,000,000 | ---D | C] -- C:\jgh8813j
    [2012/04/28 09:47:31 | 000,000,000 | ---D | C] -- C:\iso
    [2012/04/28 09:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Malwarebytes
    [2012/04/28 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/28 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2012/04/28 09:37:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/04/28 09:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/04/28 09:36:09 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/28 09:34:51 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\My Documents\mbam-setup-1.61.0.1400.exe
    [2012/04/28 07:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\WinRAR
    [2012/04/28 06:05:50 | 000,000,000 | ---D | C] -- C:\jgh
    [2012/04/27 08:31:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/04/27 08:26:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/27 08:26:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/27 08:26:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/27 08:26:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/27 08:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/27 08:25:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/27 08:20:40 | 004,477,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\jgh.exe
    [2012/04/27 08:18:52 | 000,978,283 | ---- | C] (Swearware) -- C:\Documents and Settings\Cameron\My Documents\jgh.exe.download
    [2012/04/26 21:57:31 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\dllcache\avgtdix.sys
    [2012/04/26 21:57:31 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/04/26 07:37:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cameron\Desktop\OTL.exe
    [2012/04/25 21:18:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/25 21:16:22 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cameron\Desktop\tdsskiller.exe
    [2012/04/25 11:05:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\Administrative Tools
    [2012/04/25 11:04:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\dds.scr
    [2012/04/24 13:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\NPE
    [2012/04/24 13:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
    [2012/04/24 13:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMODO
    [2012/04/24 13:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Comodo
    [2012/04/22 23:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\Identities
    [2012/04/20 18:29:01 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cameron\Desktop\avg_remover_stf_x86_2012_1796.exe
    [2012/04/20 08:34:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cameron\Recent
    [2012/04/20 08:23:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/04/20 08:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/04/20 08:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2012/04/20 07:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
    [2012/04/19 11:57:38 | 000,113,072 | ---- | C] (Power Software Ltd) -- C:\WINDOWS\System32\drivers\scdemu.sys
    [2012/04/17 08:41:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJFAX
    [2012/04/17 08:40:16 | 001,347,584 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410C.dll
    [2012/04/17 08:40:16 | 000,315,392 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410L.dll
    [2012/04/17 08:40:16 | 000,114,688 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410I.dll
    [2012/04/17 08:40:16 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410U.dll
    [2012/04/17 08:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Canon Easy-WebPrint EX
    [2012/04/17 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon Utilities
    [2012/04/17 08:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon MX410 series Manual
    [2012/04/17 08:32:02 | 000,257,024 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNCALAL.DLL
    [2012/04/17 08:32:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
    [2012/04/17 08:31:49 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMAL.DLL
    [2012/04/17 08:31:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
    [2012/04/17 08:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon MX410 series
    [2012/04/17 08:31:42 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC410O.dll
    [2012/04/17 08:31:39 | 000,180,224 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUAL.DLL
    [2012/04/17 08:31:27 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
    [2012/04/07 16:55:58 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/04/07 15:42:52 | 000,000,000 | ---D | C] -- C:\big w prints
    [2012/04/07 15:07:12 | 000,000,000 | ---D | C] -- C:\Vuze
    [2012/04/07 14:48:39 | 000,000,000 | ---D | C] -- C:\To Transfer
    [2012/04/06 08:19:51 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/04/03 07:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
    [2012/04/01 11:09:26 | 000,000,000 | R--D | C] -- C:\g on Home PC (B03f21ae66bf49c)

    ========== Files - Modified Within 30 Days ==========

    [2012/04/29 22:29:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/29 22:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/29 17:52:48 | 096,579,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/04/29 17:52:04 | 000,212,262 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/04/29 15:38:52 | 000,221,411 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\USBLGX Forwarder.rar
    [2012/04/29 15:29:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/29 15:08:19 | 112,798,463 | ---- | M] () -- C:\Documents and Settings\Cameron\My Documents\Hack Pack 4.3_Shadow29091.rar
    [2012/04/29 13:58:40 | 001,055,504 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\wii.hack.pack.4.3.full.wma.exe
    [2012/04/29 13:20:18 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
    [2012/04/29 13:06:39 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk
    [2012/04/29 13:06:39 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\MagicDisc.lnk
    [2012/04/29 12:48:56 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
    [2012/04/29 12:48:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/29 12:47:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/29 12:42:21 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
    [2012/04/29 12:17:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/04/29 12:17:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/04/29 12:17:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/04/29 12:17:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/04/29 12:17:27 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/04/29 12:17:27 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/04/28 09:37:28 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/28 09:35:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\My Documents\mbam-setup-1.61.0.1400.exe
    [2012/04/28 09:35:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/28 09:18:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/28 07:59:21 | 002,284,697 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\LetterBomb.zip
    [2012/04/28 07:29:10 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics.iso
    [2012/04/27 08:31:14 | 000,000,331 | RHS- | M] () -- C:\boot.ini
    [2012/04/27 08:21:02 | 004,477,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\jgh.exe
    [2012/04/27 08:19:04 | 000,978,283 | ---- | M] (Swearware) -- C:\Documents and Settings\Cameron\My Documents\jgh.exe.download
    [2012/04/26 22:10:19 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2012/04/26 07:37:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cameron\Desktop\OTL.exe
    [2012/04/25 21:27:59 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/04/25 21:27:59 | 000,089,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/04/25 13:57:46 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cameron\Desktop\tdsskiller.exe
    [2012/04/25 02:21:58 | 000,337,321 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\FSS-1.exe
    [2012/04/24 13:26:43 | 000,000,821 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ccebak
    [2012/04/24 10:03:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/23 11:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/04/20 18:29:02 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cameron\Desktop\avg_remover_stf_x86_2012_1796.exe
    [2012/04/19 11:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) -- C:\WINDOWS\System32\drivers\scdemu.sys
    [2012/04/17 08:35:44 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Canon Solution Menu EX.lnk
    [2012/04/17 08:33:04 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\Cameron\My Documents\Canon MX410 series On-screen Manual.lnk
    [2012/04/14 23:02:10 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/04/14 23:02:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/04/08 16:39:43 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/07 14:01:03 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
    [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/04/03 07:36:13 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2012/04/29 15:38:51 | 000,221,411 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\USBLGX Forwarder.rar
    [2012/04/29 14:48:11 | 112,798,463 | ---- | C] () -- C:\Documents and Settings\Cameron\My Documents\Hack Pack 4.3_Shadow29091.rar
    [2012/04/29 13:58:33 | 001,055,504 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\wii.hack.pack.4.3.full.wma.exe
    [2012/04/29 13:24:15 | 405,012,479 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\ind-nsmb-pal(compress)(patched)_Fel347.iso
    [2012/04/29 13:20:18 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
    [2012/04/29 13:06:39 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk
    [2012/04/29 13:06:39 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\MagicDisc.lnk
    [2012/04/29 12:42:21 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
    [2012/04/28 09:37:28 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/28 07:59:10 | 002,284,697 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\LetterBomb.zip
    [2012/04/28 07:29:10 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics.iso
    [2012/04/27 08:31:14 | 000,000,215 | ---- | C] () -- C:\Boot.bak
    [2012/04/27 08:31:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/04/27 08:26:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/27 08:26:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/27 08:26:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/27 08:26:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/27 08:26:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/25 17:35:59 | 000,337,321 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\FSS-1.exe
    [2012/04/20 08:31:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/17 08:40:16 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\CNC174ED.TBL
    [2012/04/17 08:35:44 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Canon Solution Menu EX.lnk
    [2012/04/17 08:33:04 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\Cameron\My Documents\Canon MX410 series On-screen Manual.lnk
    [2012/04/09 15:48:25 | 646,063,278 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\lego.ninjago.masters.of.spinjitzu.s02e01.rise.of.the.snakes.mkv
    [2012/04/07 14:01:03 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
    [2012/04/06 08:19:54 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/03 07:36:13 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2012/04/03 07:35:41 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
    [2012/02/16 13:58:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/07/23 19:01:25 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/07 20:52:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/06/08 12:44:53 | 000,058,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/05/30 22:03:14 | 000,001,802 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2011/05/18 11:05:52 | 000,037,879 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Comma Separated Values (DOS).ADR
    [2011/05/16 12:38:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
    [2011/05/12 18:54:32 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2011/05/10 22:14:42 | 000,421,206 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\bdinstall.bin
    [2011/05/10 14:33:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/05/10 14:32:28 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/10 07:09:15 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2011/05/10 07:07:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2011/05/10 06:51:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/05/10 06:44:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/03/16 11:44:51 | 000,269,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/02/10 12:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

    ========== Files - Unicode (All) ==========
    [2011/06/22 11:01:31 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Cameron\?????) -- C:\Documents and Settings\Cameron\獷楬汢捯污

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Cameron\Desktop\ind-nsmb-pal(compress)(patched)_Fel347.iso:SummaryInformation
    @Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Cameron\My Documents\wg311t_5_0_setup.exe:BDU
    @Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Cameron\My Documents\avg_free_stb_all_2011_1382_cnet.exe:BDU

    < End of report >

  7. #47
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi jacknjaspa,

That was one of the files we had in the last combofix fix. I don't know why combofix didn't see it or remove it.

    Let's try this and see if we can uncover them.


    Next

    Please open OTL.

    • Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, click the None button near the top (it may look greyed out)
    • In the window under Custom Scans/Fixes copy and paste the following


      /md5start
      SiSRaid.dll
      slabser.dll
      smapint.dll
      SMNDIS5.dll
      snapman380.dll
      /md5stop


    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.
    Member of UNITE and ASAP
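An added example, not part of the thread and not OTL's own code, showing what the /md5start ... /md5stop custom scan above asks for: locate each named file under the Windows tree, hash it, and report "not found" when it is absent (which is why the next log's Custom Scans section comes back empty). It assumes OTL walks the whole Windows directory case-insensitively; the sample tree it builds is constructed, not real system files.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# The five names from the helper's post, exactly as pasted between /md5start and /md5stop.
MD5_TARGETS = ["SiSRaid.dll", "slabser.dll", "smapint.dll", "SMNDIS5.dll", "snapman380.dll"]


def md5_of_file(path: Path) -> str:
    """MD5 hex digest, read in chunks so a large driver need not fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def md5_scan(targets, windows_root):
    """Return {target_name: [(path, size, md5), ...]} for every match under windows_root.

    Matching is case-insensitive, as NTFS name lookup is, and every subdirectory is
    walked, so a copy in System32\\drivers or System32\\dllcache is reported next to the
    one in System32 (assumption: that is what the helper expects from OTL's /md5start).
    An empty list means the file was not found, which is what an empty "Custom Scans"
    section in the OTL log reflects.
    """
    wanted = {t.lower(): t for t in targets}
    hits = {t: [] for t in targets}
    for dirpath, _dirs, files in os.walk(windows_root):
        for name in files:
            key = name.lower()
            if key in wanted:
                p = Path(dirpath) / name
                hits[wanted[key]].append((str(p), p.stat().st_size, md5_of_file(p)))
    return hits


def format_report(hits):
    """One line per hit in the spirit of OTL's custom-scan output, or 'not found'."""
    lines = []
    for target, found in hits.items():
        if not found:
            lines.append(f"{target}: not found")
        for path, size, digest in found:
            lines.append(f"[{size:011,} | MD5={digest}] -- {path}")
    return lines


def build_sample_tree(base):
    """Constructed sample, NOT real system files: two of the five names are present."""
    sys32 = Path(base) / "WINDOWS" / "System32"
    (sys32 / "drivers").mkdir(parents=True)
    (sys32 / "slabser.dll").write_bytes(b"abc")           # md5 of b"abc"
    (sys32 / "drivers" / "SISRAID.DLL").write_bytes(b"a")  # case differs from the target
    return Path(base) / "WINDOWS"


def demo():
    """Build the constructed tree, scan it and return the hits (also printed)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        hits = md5_scan(MD5_TARGETS, root)
        for line in format_report(hits):
            print(line)
        return hits


if __name__ == "__main__":
    demo()
```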

  8. #48
    Member
    Join Date
    Apr 2012
    Posts
    42

    Default

    OTL logfile created on: 29/04/2012 10:47:55 PM - Run 3
    OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.46% Memory free
    4.87 Gb Paging File | 4.12 Gb Available in Paging File | 84.61% Paging File free
    Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 30.73 Gb Free Space | 10.31% Space Free | Partition Type: NTFS
    Drive D: | 0.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive G: | 149.05 Gb Total Space | 75.93 Gb Free Space | 50.95% Space Free | Partition Type: NTFS

    Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < End of report >

  9. #49
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi jacknjaspa,

    None of our tools seem to be able to see the files. Does AVG give you an exact location of the file(s)?
    Member of UNITE and ASAP

  10. #50
    Member
    Join Date
    Apr 2012
    Posts
    42

    Default

    No (but I'm not sure where to look either?)
