Malware suspected: cannot run Spybot properly



boymonkey
2011-07-25, 20:00
Dear Analysts,

I was unable to run Spybot SD today after upgrading (it displayed many blank error messages and froze). I then tried out the new BETA version 2, which produced the error message "Not enough storage space to process this command." It hinted at the fact that it found 10 results of threat level 5, so I suspect that I may potentially have a problem with malware.

I have run ERUNT, but cannot successfully complete the required DDS process (it consistently freezes under the "e" of "where"). I am running Windows XP (SP3).

I am able to produce a HiJackThis log if this will suffice, but keenly await your response and advice.

Kind regards,

Simon

ken545
2011-07-28, 18:07

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
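The OTL.txt produced by these steps is read by eye in this thread. As an added example (not part of the forum thread, and not a tool from OldTimer or Safer Networking), here is a small Python triage helper that parses OTL's record lines and pulls out two kinds of entry an analyst checks first: entries whose target file OTL reports as "File not found", and MountPoints2 command handlers, which Explorer runs when a drive is opened. The sample log is constructed in OTL's format, modelled on the OTL.txt posted later in the thread.

```python
"""OTL.txt triage helper (added example; not part of OTL or of this thread).

OTL.txt is line oriented: each record is '<KIND> - <body>', where KIND is a
process/module/service/driver tag (PRC, MOD, SRV, DRV), a browser tag (IE, FF)
or a HijackThis-style section number (O2, O4, O33, ...).  Section banners and
the header block carry no records and are skipped."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in OTL's record format, modelled on the log posted later
# in this thread (GUID and file names as they appear there).
SAMPLE_LOG = r'''
========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
'''

RECORD_RE = re.compile(r'^(?P<kind>PRC|MOD|SRV|DRV|IE|FF|O\d+) - (?P<body>.+)$')
# Only the ...\command values are handlers; the bare Shell / Shell\AutoRun
# values are just the verb names and are not matched.
MOUNTPOINT_RE = re.compile(
    r'^MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\'
    r'(?P<key>Shell(?:\\[^\\ ]+)*\\command) - "" = (?P<command>.+)$')
# Drive letter, environment variable or UNC prefix means an absolute target;
# anything else is resolved relative to the root of the mounted drive.
ABSOLUTE_RE = re.compile(r'^(?:[A-Za-z]:\\|%[^%]+%|\\\\)')


@dataclass(frozen=True)
class Record:
    kind: str
    body: str


@dataclass(frozen=True)
class MountPointHandler:
    guid: str
    key: str
    command: str
    target: str      # file the handler ultimately launches
    relative: bool   # True when the target has no drive/UNC/env prefix


def parse_otl(text: str) -> List[Record]:
    """Keep only '<KIND> - <body>' record lines."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            records.append(Record(m['kind'], m['body']))
    return records


def orphaned_entries(records: List[Record]) -> List[Record]:
    """Records whose target OTL could not find on disk.  A leftover from an
    uninstalled program (TeaTimer here) is clutter; an orphan with an
    unfamiliar name is a lead to investigate, not a verdict."""
    return [r for r in records if r.body.endswith('File not found')]


def launched_target(command: str) -> str:
    """Reduce a handler command line to the file it launches."""
    if 'ShellExec_RunDLL' in command:       # RunDLL32 wrapper: real target follows
        return command.split('ShellExec_RunDLL', 1)[1].strip()
    if command.startswith('"'):             # quoted long path
        return command[1:command.index('"', 1)]
    return command.split()[0]


def mountpoint_handlers(records: List[Record]) -> List[MountPointHandler]:
    """MountPoints2 ...\\command values, with the launched file resolved."""
    handlers = []
    for r in records:
        if r.kind != 'O33':
            continue
        m = MOUNTPOINT_RE.match(r.body)
        if not m:
            continue
        target = launched_target(m['command'])
        handlers.append(MountPointHandler(m['guid'], m['key'], m['command'],
                                          target, not ABSOLUTE_RE.match(target)))
    return handlers


def triage(text: str) -> Dict[str, list]:
    records = parse_otl(text)
    return {'orphans': orphaned_entries(records),
            'mountpoints': mountpoint_handlers(records)}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for r in result['orphans']:
        print(f'orphan   {r.kind}: {r.body}')
    for h in result['mountpoints']:
        print(f'handler  {h.guid} {h.key} -> {h.target} '
              f'({"relative to drive root" if h.relative else "absolute"})')
```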

boymonkey
2011-07-28, 20:27
Hi Ken545,

Many thanks for your response. I have posted the information below and look forward to hearing back:

I. aswMBR log:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-28 18:58:09
-----------------------------
18:58:09.549 OS Version: Windows 5.1.2600 Service Pack 3
18:58:09.549 Number of processors: 2 586 0xE08
18:58:09.549 ComputerName: MICROLITE411 UserName: ttzcwd
18:58:18.674 Initialize success
18:58:47.330 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:58:47.330 Disk 0 Vendor: FUJITSU_MHV2060BH 00000029 Size: 57231MB BusType: 3
18:58:47.362 Disk 0 MBR read successfully
18:58:47.362 Disk 0 MBR scan
18:58:47.362 Disk 0 unknown MBR code
18:58:47.362 Disk 0 scanning sectors +117210240
18:58:47.424 Disk 0 scanning C:\WINDOWS\system32\drivers
19:00:03.424 Service scanning
19:00:06.127 Modules scanning
19:00:20.627 Disk 0 trace - called modules:
19:00:20.659 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:00:20.659 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d1b9c0]
19:00:20.659 3 CLASSPNP.SYS[f8653fd7] -> nt!IofCallDriver -> \Device\0000007f[0x82d1d418]
19:00:20.659 5 ACPI.sys[f84ca620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82d1d030]
19:00:20.690 Scan finished successfully
19:00:36.205 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ttzcwd\Desktop\MBR.dat"
19:00:36.221 The log file has been saved successfully to "C:\Documents and Settings\ttzcwd\Desktop\aswMBR.txt"

-------------------------------------------------------------------------

II. OTL.txt log

OTL logfile created on: 28/07/2011 19:04:05 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ttzcwd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.29 Mb Total Physical Memory | 262.77 Mb Available Physical Memory | 52.21% Memory free
1.20 Gb Paging File | 0.59 Gb Available in Paging File | 49.40% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 27.27 Gb Free Space | 48.80% Space Free | Partition Type: NTFS

Computer Name: MICROLITE411 | User Name: ttzcwd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ttzcwd\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Documents and Settings\ttzcwd\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe ()
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Program Files\Generic\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0S2.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ttzcwd\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll (Safer-Networking Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\credui.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (SDHookService) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Cleaner_Validator) -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SDHookDriver) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (CFRPD) -- C:\WINDOWS\system32\drivers\CFRPD.sys (Windows (R) Win 7 DDK provider)
DRV - (CFRMD) -- C:\WINDOWS\system32\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (InputPen) -- C:\WINDOWS\system32\drivers\InputPen2K.sys (C Technologies)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nottingham.ac.uk/education
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/13 02:42:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/25 16:09:58 | 000,436,116 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15010 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (baloudHelperObj Class) - {6165D324-3AAF-4C63-B545-C7D2285BEA1C} - C:\Program Files\Texthelp Systems\ReadAndWrite7\thhtmlbho.dll (textHELP Systems Ltd)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\ttzcwd\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\ttzcwd\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\ttzcwd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://www.reachrth3.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,514,2213 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://www.reachrth3.com/vdesk/terminal/InstallerControl.cab#version=6030,2009,0514,2216 (F5 Networks Auto Update)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://www.reachrth3.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136 (F5 Networks Static Application Tunnel Control)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} https://www.reachrth3.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0 (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://www.reachrth3.com/vdesk/terminal/urxhost.cab#version=6030,2009,514,2205 (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\ttzcwd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ttzcwd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 18:56:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ttzcwd\Desktop\OTL.exe
[2011/07/28 18:53:23 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ttzcwd\Desktop\aswMBR.exe
[2011/07/28 16:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Application Data\DriverCure
[2011/07/28 16:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Application Data\ParetoLogic
[2011/07/28 16:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/07/27 10:36:09 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\ttzcwd\Desktop\dds.scr
[2011/07/25 18:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/25 18:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/25 18:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/25 17:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/25 17:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Start Menu\Programs\HiJackThis
[2011/07/25 16:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/07/25 16:04:27 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/07/25 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/07/25 13:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/19 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/07/18 04:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Start Menu\Programs\PageBreeze
[2011/07/18 04:04:08 | 000,097,280 | ---- | C] (Visual Components, Inc.) -- C:\WINDOWS\System32\vspell32.ocx
[2011/07/18 04:04:07 | 000,070,656 | ---- | C] (Visual Components, Inc.) -- C:\WINDOWS\System32\vspell32.dll
[2011/07/18 04:04:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vb6stkit.dll
[2011/07/18 04:04:03 | 000,089,600 | ---- | C] (AY Software Corporation) -- C:\WINDOWS\System32\Leocx32.ocx
[2011/07/18 04:04:01 | 000,084,992 | ---- | C] (AY Software Corporation) -- C:\WINDOWS\System32\Ledit32.dll
[2011/07/18 04:03:53 | 001,105,920 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatFtp2.dll
[2011/07/18 04:03:49 | 001,245,184 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatCert.dll
[2011/07/18 04:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\PageBreeze
[2011/07/18 02:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/18 02:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/18 02:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/18 02:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/17 02:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Application Data\Auslogics
[2011/07/17 02:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/07/17 02:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/07/16 23:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/07/16 23:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/07/16 22:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Fighters
[2011/07/16 22:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/07/04 13:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/04 13:21:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/04 13:20:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/04 13:20:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/04 13:20:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/11/29 11:16:17 | 022,260,008 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/28 19:13:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/28 19:00:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\MBR.dat
[2011/07/28 18:56:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ttzcwd\Desktop\OTL.exe
[2011/07/28 18:53:35 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ttzcwd\Desktop\aswMBR.exe
[2011/07/28 18:41:13 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/07/28 18:40:48 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/07/28 18:39:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/28 18:39:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/28 18:39:13 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/07/28 18:39:13 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/07/28 18:34:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/28 18:34:55 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/28 16:55:06 | 000,021,466 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2011/07/28 16:54:48 | 000,389,832 | ---- | M] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/07/28 16:54:42 | 000,245,794 | ---- | M] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/07/28 15:56:04 | 125,895,620 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/26 15:38:39 | 000,002,223 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\EndNote Program.lnk
[2011/07/26 10:25:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/25 18:49:15 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/25 17:55:41 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\ttzcwd\Desktop\dds.scr
[2011/07/25 17:33:45 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\HiJackThis.lnk
[2011/07/25 17:30:53 | 000,214,929 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\census.cache
[2011/07/25 17:30:07 | 000,197,608 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\ars.cache
[2011/07/25 16:51:58 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\housecall.guid.cache
[2011/07/25 16:09:58 | 000,436,116 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/25 16:05:00 | 000,001,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/07/25 13:23:21 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110725-160958.backup
[2011/07/25 12:10:09 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110725-132321.backup
[2011/07/19 18:21:20 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110725-121009.backup
[2011/07/19 18:20:03 | 000,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110719-182120.backup
[2011/07/19 18:12:33 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110719-182002.backup
[2011/07/18 04:31:49 | 000,000,318 | ---- | M] () -- C:\WINDOWS\pagebreeze.ini
[2011/07/18 04:31:23 | 000,000,048 | ---- | M] () -- C:\WINDOWS\.prj
[2011/07/18 04:04:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\formbreeze.ini
[2011/07/18 02:13:25 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/16 23:44:52 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/07/16 22:32:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/07/16 22:14:08 | 000,194,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/15 04:23:40 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/14 13:46:37 | 003,573,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 00:13:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 02:42:15 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/01 14:33:54 | 011,799,121 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\20110701142943.pdf
[2011/06/30 19:52:59 | 002,174,315 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194716.pdf
[2011/06/30 19:49:34 | 000,906,258 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194427.pdf
[2011/06/30 19:45:17 | 012,649,704 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194059.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/28 19:00:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\MBR.dat
[2011/07/25 18:49:15 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/25 17:33:45 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\HiJackThis.lnk
[2011/07/25 17:30:53 | 000,214,929 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\census.cache
[2011/07/25 17:30:06 | 000,197,608 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\ars.cache
[2011/07/25 16:51:58 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\housecall.guid.cache
[2011/07/25 16:06:25 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/07/25 16:06:23 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/07/25 16:06:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/07/25 16:05:00 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/07/25 16:05:00 | 000,001,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/07/18 04:11:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\.prj
[2011/07/18 04:04:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2011/07/18 04:04:52 | 000,000,318 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2011/07/18 02:16:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/18 02:13:25 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/17 02:59:51 | 000,021,466 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2011/07/17 02:59:39 | 000,389,832 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/07/17 02:59:21 | 000,245,794 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/07/16 23:44:52 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/07/16 22:32:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/07/05 18:24:32 | 012,649,704 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194059.pdf
[2011/07/01 17:18:58 | 011,799,121 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\20110701142943.pdf
[2011/07/01 17:17:52 | 000,906,258 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194427.pdf
[2011/07/01 17:15:56 | 002,174,315 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194716.pdf
[2011/05/08 00:07:14 | 000,832,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/20 18:39:43 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2010/07/07 16:10:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/07/06 22:37:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2010/07/04 14:46:37 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/03/29 10:49:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/29 10:49:26 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/29 10:49:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/29 10:49:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/29 10:49:26 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/29 10:49:26 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/29 10:49:26 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/29 10:49:26 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/29 10:49:26 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/29 10:49:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/29 10:49:26 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/03/29 10:49:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/29 10:49:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/29 10:49:26 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/29 10:49:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/29 10:49:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/29 10:49:26 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/03/29 10:49:26 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/03/29 10:49:26 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/12 06:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/23 00:11:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/09/05 14:03:37 | 000,055,700 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/14 11:26:05 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/06/13 19:10:21 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 11:20:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/07/21 12:11:01 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2006/10/31 13:00:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/31 04:09:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/10 16:33:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/10 15:48:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/10 15:41:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/10 15:35:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/10 15:34:40 | 003,573,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/20 13:34:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/01/20 13:34:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/01/20 13:34:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/01/20 13:34:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/01/20 13:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/01/20 13:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/01/20 13:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/01/20 13:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/01/20 13:34:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/02/18 00:07:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004/09/23 15:20:38 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,433,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,068,068 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/10/22 23:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/17 11:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/17 11:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/17 11:27:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/07/11 13:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2011/04/11 12:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/28 18:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/11 14:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/18 14:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/11/24 21:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/07/20 18:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/17 03:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/06 22:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2010/05/01 11:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/11 22:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/19 11:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\Amazon
[2011/07/17 02:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\Auslogics
[2010/10/17 11:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\AVG10
[2009/11/27 20:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/11 15:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/21 16:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\diogenes
[2011/07/28 16:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\DriverCure
[2011/07/28 18:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\Dropbox
[2010/06/22 17:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\EndNote
[2007/05/30 09:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\Infineon
[2011/07/28 16:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\ParetoLogic
[2011/05/07 18:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\Research In Motion
[2010/11/22 15:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ttzcwd\Application Data\Texthelp Systems
[2011/07/28 18:41:13 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011/07/28 18:39:13 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/07/28 18:39:13 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:587EB586

< End of report >

III. OTL extras.txt log

OTL Extras logfile created on: 28/07/2011 19:04:05 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ttzcwd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.29 Mb Total Physical Memory | 262.77 Mb Available Physical Memory | 52.21% Memory free
1.20 Gb Paging File | 0.59 Gb Available in Paging File | 49.40% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 27.27 Gb Free Space | 48.80% Space Free | Partition Type: NTFS

Computer Name: MICROLITE411 | User Name: ttzcwd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"1036:TCP" = 1036:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\ttzcwd\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\ttzcwd\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02D7C83F-FCCB-4EEC-9E4B-C6FF8AADC015}" = Power4 Gear
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ED56C76-5D85-4364-938C-A0AD4A6F7344}" = Read and Write 7
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4CFA39-996A-4F4F-BBB2-6112A297DC1A}" = BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4039DC0-905D-4372-8B20-120F0B6CF283}" = COMODO System-Cleaner
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}" = BBSAK
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Antioch" = Antioch
"AVG" = AVG 2011
"BA7C3E474BCC2DD6360ACAFC7E9C0F9C7E2B96EB" = Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Concise Oxford English Dictionary (Eleventh Edition)" = Concise Oxford English Dictionary (Eleventh Edition)
"D16AA00FE65B9D2C6E0A57F54400303BF3259CC3" = Windows Driver Package - Intel (w29n51) net (06/26/2006 9.0.4.17)
"E2A9709B2AFB100688AF34A15AE3DA48516EBD52" = Windows Driver Package - Intel (NETw3x32) net (07/26/2006 10.5.1.59)
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"F785D6B63FDA08F811F56F84F831B3E291B7129A" = Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
"Google Chrome" = Google Chrome
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sony Player Plug-in for Windows Media Player" = Sony Player Plug-in for Windows Media Player
"SpeedFan" = SpeedFan (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/07/2011 15:20:45 | Computer Name = MICROLITE411 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10063

Error - 17/07/2011 15:20:45 | Computer Name = MICROLITE411 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10063

Error - 17/07/2011 15:20:47 | Computer Name = MICROLITE411 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/07/2011 15:20:47 | Computer Name = MICROLITE411 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12016

Error - 17/07/2011 15:20:47 | Computer Name = MICROLITE411 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12016

Error - 17/07/2011 21:15:53 | Computer Name = MICROLITE411 | Source = MsiInstaller | ID = 11722
Description = Product: Apple Software Update -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action SoftwareUpdate_RegServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /RegServer


Error - 17/07/2011 21:16:36 | Computer Name = MICROLITE411 | Source = MsiInstaller | ID = 11722
Description = Product: Apple Software Update -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action SoftwareUpdate_RegServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /RegServer


Error - 19/07/2011 13:55:04 | Computer Name = MICROLITE411 | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 19/07/2011 15:03:14 | Computer Name = MICROLITE411 | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

Error - 25/07/2011 09:33:18 | Computer Name = MICROLITE411 | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 25/07/2011 13:35:47 | Computer Name = MICROLITE411 | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 26/07/2011 06:51:56 | Computer Name = MICROLITE411 | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 27/07/2011 07:00:45 | Computer Name = MICROLITE411 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.135 for the Network Card with network
address 0013027E19A2 has been denied by the DHCP server 192.76.34.234 (The DHCP
Server sent a DHCPNACK message).

Error - 27/07/2011 07:03:31 | Computer Name = MICROLITE411 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to
connect.

Error - 27/07/2011 07:03:32 | Computer Name = MICROLITE411 | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%1053

Error - 27/07/2011 07:04:59 | Computer Name = MICROLITE411 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ImapiService service.

Error - 27/07/2011 07:05:00 | Computer Name = MICROLITE411 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 27/07/2011 09:10:50 | Computer Name = MICROLITE411 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.10.253.255 on
the Network Card with network address 0013027E19A2.

Error - 27/07/2011 18:34:38 | Computer Name = MICROLITE411 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.87 for the Network Card with network
address 0013027E19A2 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 28/07/2011 10:47:45 | Computer Name = MICROLITE411 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

--------------------------------------------------------------------------

Any help much appreciated.

Kind regards,

Simon

ken545
2011-07-28, 23:56
Hi,

Looks like aswMBR did not find a rootkit, but OTL found some bad stuff. We are going to run a fix; make sure your USB drive is plugged in. It also looks like your hosts file is infected; this fix will repair it.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
[2011/07/25 13:23:21 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110725-160958.backup
[2011/07/25 12:10:09 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110725-132321.backup
[2011/07/19 18:21:20 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110725-121009.backup
[2011/07/19 18:20:03 | 000,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110719-182120.backup
[2011/07/19 18:12:33 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110719-182002.backup


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
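
Two of the findings the fix above targets can be checked by hand before anything is deleted: the O33 MountPoints2 entries, which are the registry side of an autorun.inf-style removable-drive worm (each volume GUID gets a shell verb whose command launches an executable from the drive), and the hosts file. The Python script below is an added example, not OTL's code and not something posted in the original thread. It parses O33 lines in OTL's own format and a hosts file, both constructed here and patterned on the log, and flags (a) any MountPoints2 shell verb that launches a program, unwrapping the RunDLL32/ShellExec_RunDLL form, and (b) hosts entries that either redirect a name to a non-loopback address or black-hole a security or update domain. The watched-domain list is an assumption. Note that a hosts file of several hundred KB with the read-only attribute is not by itself evidence of tampering, since Spybot's own immunization and ad-blocking hosts lists produce files of that size; the check looks at what the entries map to rather than at size.

```python
"""Triage helper for OTL O33 (MountPoints2) lines and a Windows hosts file.
Added example, not OTL's code; sample inputs are constructed below."""
import re
from ipaddress import ip_address

# OTL writes: O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <command>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\'
    r'(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$')

# Addresses that black-hole a name rather than redirect it.
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed list of domains a hijacked hosts file typically blocks.
WATCH_SUFFIXES = ("windowsupdate.com", "safer-networking.org", "avg.com")

# Constructed sample, patterned on the O33 lines in the log above.
SAMPLE_O33 = [
    r'O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\Auto\command - "" = Cn911.exe',
    r'O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun - "" = Auto&Play',
    r'O33 - MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\Shell\AutoRun\command - "" = '
    r'C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe',
    r'O33 - MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\Shell\Auto\command - "" = Cn911.exe',
]

# Constructed hosts file: one benign blocklist entry, two black-holed security
# domains, one redirect to a TEST-NET address, one malformed line.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.some-adserver.example   # blocklist-style, benign
127.0.0.1       www.safer-networking.org    # blocks the AV vendor
0.0.0.0         download.windowsupdate.com  # blocks updates
192.0.2.10      www.google.com              # redirect, not a black-hole
not-an-ip       broken.example
"""


def find_mountpoint_autoruns(lines):
    """Map each MountPoints2 volume GUID to the programs its shell verbs launch."""
    hits = {}
    for line in lines:
        m = O33_RE.match(line.strip())
        if not m:
            continue  # plain \Shell or \Shell\AutoRun display names carry no command
        cmd = m.group("cmd")
        # RunDLL32 Shell32.DLL,ShellExec_RunDLL <target> just launches <target>
        if "ShellExec_RunDLL" in cmd:
            cmd = cmd.split("ShellExec_RunDLL", 1)[1].strip()
        hits.setdefault(m.group("guid").lower(), set()).add(cmd)
    return hits


def audit_hosts(text):
    """Return (kind, name, ip) findings: 'redirect' for a name mapped to a
    non-loopback address, 'blocked_security' for a watched domain black-holed,
    'malformed' for a line whose first field is not an IP address."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            addr = ip_address(ip)
        except ValueError:
            findings.append(("malformed", line, ""))
            continue
        blackholed = ip in BLACKHOLE or addr.is_loopback
        for name in names:
            lname = name.lower()
            if not blackholed:
                findings.append(("redirect", lname, ip))
            elif lname.endswith(WATCH_SUFFIXES):
                findings.append(("blocked_security", lname, ip))
    return findings


if __name__ == "__main__":
    for guid, targets in find_mountpoint_autoruns(SAMPLE_O33).items():
        print("autorun hijack on volume", guid, "launches", sorted(targets))
    for kind, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:17} {name} -> {ip}")
```

On a live machine the O33 input is the OTL.txt from the scan and the hosts file is C:\WINDOWS\System32\drivers\etc\hosts; a volume GUID that launches any executable at all is reason enough to clean the drive and the MountPoints2 key, since Windows XP honours these verbs the moment the volume is inserted, which is why the fix above asks for the USB drive to be plugged in.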

boymonkey
2011-07-29, 11:34
Hi Ken,

I am posting two reports from two separate attempts at the fix. I accidentally ran the first fix without my USB drive and received an error that the hosts file could not be created. I ran it again with the USB and everything went smoothly. Please also find the new OTL scan at the bottom.

I. First fix log

Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...

II. Second fix log


========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\ not found.
File Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6c3ede-08a7-11dd-871e-0013027e19a2}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\ not found.
File Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6c3edf-08a7-11dd-871e-0013027e19a2}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
File C:\WINDOWS\System32\drivers\etc\hosts.20110725-160958.backup not found.
File C:\WINDOWS\System32\drivers\etc\hosts.20110725-132321.backup not found.
File C:\WINDOWS\System32\drivers\etc\hosts.20110725-121009.backup not found.
File C:\WINDOWS\System32\drivers\etc\hosts.20110719-182120.backup not found.
File C:\WINDOWS\System32\drivers\etc\hosts.20110719-182002.backup not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
C:\Documents and Settings\ttzcwd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ttzcwd\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . : lan
IP Address. . . . . . . . . . . . : 192.168.1.135
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
C:\Documents and Settings\ttzcwd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ttzcwd\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\ttzcwd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ttzcwd\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.26.1 log created on 07292011_094149

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

III. New OTL.txt


OTL logfile created on: 29/07/2011 10:00:59 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ttzcwd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.29 Mb Total Physical Memory | 90.88 Mb Available Physical Memory | 18.06% Memory free
1.20 Gb Paging File | 0.62 Gb Available in Paging File | 51.87% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 27.21 Gb Free Space | 48.70% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 2.63 Gb Free Space | 69.92% Space Free | Partition Type: FAT32

Computer Name: MICROLITE411 | User Name: ttzcwd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ttzcwd\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Documents and Settings\ttzcwd\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe ()
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Program Files\Generic\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0S2.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ttzcwd\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll (Safer-Networking Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\credui.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (SDHookService) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Cleaner_Validator) -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SDHookDriver) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (CFRPD) -- C:\WINDOWS\system32\drivers\CFRPD.sys (Windows (R) Win 7 DDK provider)
DRV - (CFRMD) -- C:\WINDOWS\system32\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (InputPen) -- C:\WINDOWS\system32\drivers\InputPen2K.sys (C Technologies)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nottingham.ac.uk/education
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/13 02:42:12 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (baloudHelperObj Class) - {6165D324-3AAF-4C63-B545-C7D2285BEA1C} - C:\Program Files\Texthelp Systems\ReadAndWrite7\thhtmlbho.dll (textHELP Systems Ltd)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\ttzcwd\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\ttzcwd\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\ttzcwd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://www.reachrth3.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,514,2213 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://www.reachrth3.com/vdesk/terminal/InstallerControl.cab#version=6030,2009,0514,2216 (F5 Networks Auto Update)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://www.reachrth3.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136 (F5 Networks Static Application Tunnel Control)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} https://www.reachrth3.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0 (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://www.reachrth3.com/vdesk/terminal/urxhost.cab#version=6030,2009,514,2205 (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\ttzcwd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ttzcwd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 23:07:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/28 18:56:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ttzcwd\Desktop\OTL.exe
[2011/07/28 18:53:23 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ttzcwd\Desktop\aswMBR.exe
[2011/07/28 16:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Application Data\DriverCure
[2011/07/28 16:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Application Data\ParetoLogic
[2011/07/28 16:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/07/27 10:36:09 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\ttzcwd\Desktop\dds.scr
[2011/07/25 18:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/25 18:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/25 18:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/25 17:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/25 17:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Start Menu\Programs\HiJackThis
[2011/07/25 16:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/07/25 16:04:27 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/07/25 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/07/25 13:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/19 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/07/18 04:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Start Menu\Programs\PageBreeze
[2011/07/18 04:04:08 | 000,097,280 | ---- | C] (Visual Components, Inc.) -- C:\WINDOWS\System32\vspell32.ocx
[2011/07/18 04:04:07 | 000,070,656 | ---- | C] (Visual Components, Inc.) -- C:\WINDOWS\System32\vspell32.dll
[2011/07/18 04:04:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vb6stkit.dll
[2011/07/18 04:04:03 | 000,089,600 | ---- | C] (AY Software Corporation) -- C:\WINDOWS\System32\Leocx32.ocx
[2011/07/18 04:04:01 | 000,084,992 | ---- | C] (AY Software Corporation) -- C:\WINDOWS\System32\Ledit32.dll
[2011/07/18 04:03:53 | 001,105,920 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatFtp2.dll
[2011/07/18 04:03:49 | 001,245,184 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatCert.dll
[2011/07/18 04:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\PageBreeze
[2011/07/18 02:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/18 02:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/18 02:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/18 02:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/17 02:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ttzcwd\Application Data\Auslogics
[2011/07/17 02:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/07/17 02:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/07/16 23:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/07/16 23:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/07/16 22:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Fighters
[2011/07/16 22:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/07/04 13:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/04 13:21:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/04 13:20:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/04 13:20:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/04 13:20:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/11/29 11:16:17 | 022,260,008 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/29 09:58:19 | 126,055,670 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/29 09:50:24 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/07/29 09:48:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 09:45:40 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/07/29 09:45:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 09:45:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/07/29 09:45:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/07/29 09:44:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/29 09:44:26 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/29 09:43:22 | 000,021,466 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2011/07/28 23:13:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/28 19:00:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\MBR.dat
[2011/07/28 18:56:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ttzcwd\Desktop\OTL.exe
[2011/07/28 18:53:35 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ttzcwd\Desktop\aswMBR.exe
[2011/07/28 16:54:48 | 000,389,832 | ---- | M] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/07/28 16:54:42 | 000,245,794 | ---- | M] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/07/26 15:38:39 | 000,002,223 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\EndNote Program.lnk
[2011/07/26 10:25:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/25 18:49:15 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/25 17:55:41 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\ttzcwd\Desktop\dds.scr
[2011/07/25 17:33:45 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\HiJackThis.lnk
[2011/07/25 17:30:53 | 000,214,929 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\census.cache
[2011/07/25 17:30:07 | 000,197,608 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\ars.cache
[2011/07/25 16:51:58 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\housecall.guid.cache
[2011/07/25 16:05:00 | 000,001,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/07/18 04:31:49 | 000,000,318 | ---- | M] () -- C:\WINDOWS\pagebreeze.ini
[2011/07/18 04:31:23 | 000,000,048 | ---- | M] () -- C:\WINDOWS\.prj
[2011/07/18 04:04:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\formbreeze.ini
[2011/07/18 02:13:25 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/16 23:44:52 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/07/16 22:32:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/07/16 22:14:08 | 000,194,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/15 04:23:40 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/14 13:46:37 | 003,573,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 00:13:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 02:42:15 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/01 14:33:54 | 011,799,121 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\20110701142943.pdf
[2011/06/30 19:52:59 | 002,174,315 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194716.pdf
[2011/06/30 19:49:34 | 000,906,258 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194427.pdf
[2011/06/30 19:45:17 | 012,649,704 | ---- | M] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194059.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/28 19:00:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\MBR.dat
[2011/07/25 18:49:15 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/25 17:33:45 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\HiJackThis.lnk
[2011/07/25 17:30:53 | 000,214,929 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\census.cache
[2011/07/25 17:30:06 | 000,197,608 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\ars.cache
[2011/07/25 16:51:58 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\housecall.guid.cache
[2011/07/25 16:06:25 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/07/25 16:06:23 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/07/25 16:06:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/07/25 16:05:00 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/07/25 16:05:00 | 000,001,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/07/18 04:11:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\.prj
[2011/07/18 04:04:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2011/07/18 04:04:52 | 000,000,318 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2011/07/18 02:16:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/18 02:13:25 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/17 02:59:51 | 000,021,466 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2011/07/17 02:59:39 | 000,389,832 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/07/17 02:59:21 | 000,245,794 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/07/16 23:44:52 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/07/16 22:32:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/07/05 18:24:32 | 012,649,704 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194059.pdf
[2011/07/01 17:18:58 | 011,799,121 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\20110701142943.pdf
[2011/07/01 17:17:52 | 000,906,258 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194427.pdf
[2011/07/01 17:15:56 | 002,174,315 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Desktop\20110630194716.pdf
[2011/05/08 00:07:14 | 000,832,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/20 18:39:43 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2010/07/07 16:10:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/07/06 22:37:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2010/07/04 14:46:37 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/03/29 10:49:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/29 10:49:26 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/29 10:49:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/29 10:49:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/29 10:49:26 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/29 10:49:26 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/29 10:49:26 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/29 10:49:26 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/29 10:49:26 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/29 10:49:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/29 10:49:26 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/03/29 10:49:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/29 10:49:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/29 10:49:26 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/29 10:49:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/29 10:49:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/29 10:49:26 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/03/29 10:49:26 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/03/29 10:49:26 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/12 06:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/23 00:11:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/09/05 14:03:37 | 000,055,700 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/14 11:26:05 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/06/13 19:10:21 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\ttzcwd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 11:20:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/07/21 12:11:01 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2006/10/31 13:00:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/31 04:09:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/10 16:33:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/10 15:48:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/10 15:41:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/10 15:35:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/10 15:34:40 | 003,573,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/20 13:34:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/01/20 13:34:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/01/20 13:34:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/01/20 13:34:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/01/20 13:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/01/20 13:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/01/20 13:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/01/20 13:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/01/20 13:34:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/02/18 00:07:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004/09/23 15:20:38 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,433,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,068,068 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:587EB586

< End of report >


Many thanks,

Simon

ken545
2011-07-29, 14:01
Hello Simon,

Let's do this


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

boymonkey
2011-07-29, 14:20
Thanks for the prompt reply. Nothing suspicious as far as mbam is concerned:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7316

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

29/07/2011 13:18:52
mbam-log-2011-07-29 (13-18-52).txt

Scan type: Quick scan
Objects scanned: 210475
Time elapsed: 11 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Best,

Simon

ken545
2011-07-29, 16:07
Simon, looking good, but I am concerned about the hosts file backups we removed; they're infected, and there may be more.


Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
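The hosts file (on XP, %SystemRoot%\system32\drivers\etc\hosts) is a favourite target because a single line can silently sinkhole an AV vendor's update domain or redirect a bank's hostname to an attacker's address, which is why infected backups of it are worth worrying about. As an added example, not from the thread and not how Spybot, OTL or ESET inspect it, here is a small audit in Python that parses a hosts file and classifies each active mapping. The sample file, the `PROTECTED_SUFFIXES` list and the verdict names are constructed for illustration.

```python
import ipaddress
import sys

# Illustrative list of domain suffixes malware likes to sinkhole so that AV and OS
# updates, or downloads of removal tools, fail. Not an official or exhaustive list.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com",
    "safer-networking.org", "malwarebytes.org", "eset.com", "avg.com", "kaspersky.com",
)
# Names that legitimately map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping; comments and blanks are skipped.
    An unparsable address yields (None, raw_line, line_no) so it is still reported."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            yield (None, raw.strip(), no)
            continue
        for host in parts[1:]:
            yield (ip, host.lower(), no)


def classify(ip, host):
    """Verdict for one mapping. Only 'ok' is silent; everything else is a review lead."""
    if ip is None:
        return "malformed"
    if host in LOOPBACK_NAMES:
        return "ok" if ip.is_loopback else "redirected-localhost"
    protected = any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)
    sinkhole = ip.is_loopback or ip.is_unspecified
    if protected:
        # Pointing a vendor domain at 127.0.0.1/0.0.0.0 blocks updates; anywhere else hijacks them.
        return "sinkholed-security-domain" if sinkhole else "hijacked-security-domain"
    if sinkhole:
        return "blocked"      # ad/tracker block lists look like this: usually benign, still review
    return "redirected"       # a public name pointed at an arbitrary IP: classic pharming


def audit_hosts(text):
    """Return [(line_no, verdict, ip, host)] for every mapping that is not plainly ok."""
    findings = []
    for ip, host, no in parse_hosts(text):
        verdict = classify(ip, host)
        if verdict != "ok":
            findings.append((no, verdict, str(ip) if ip is not None else "-", host))
    return findings


# Constructed sample (not the hosts file from the machine in the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net            # typical ad-block entry: benign
127.0.0.1       www.safer-networking.org   # update sinkhole: Spybot downloads fail
127.0.0.1       update.microsoft.com
203.0.113.10    www.example-bank.test      # pharming: public name -> attacker address
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for no, verdict, ip, host in audit_hosts(text):
        print(f"line {no:>3}  {verdict:<26} {ip:<16} {host}")
```

Run it with the path to the live hosts file, and also against each backup that a tool left behind (ERUNT, Spybot and the AV product all keep copies), since a cleaned live file with an infected backup means the infection may be restored on the next rollback. The three interesting verdicts are `sinkholed-security-domain`, `hijacked-security-domain` and `redirected`; `blocked` is what a deliberately installed ad-blocking hosts list produces and only needs a glance.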

boymonkey
2011-07-29, 18:46
Hi Ken,

Once again, it appears to be clean:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4236ae2477cc784a9159054c50501178
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-29 03:38:29
# local_time=2011-07-29 04:38:29 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 337692 337692 0 0
# compatibility_mode=1032 16777173 100 96 19368 55239708 0 0
# compatibility_mode=8192 67108863 100 0 322 322 0 0
# scanned=65028
# found=0
# cleaned=0
# scan_time=4601

Best,

Simon

ken545
2011-07-29, 19:07
:bigthumb:

How are things running now Simon ?

boymonkey
2011-07-30, 13:57
Hi Ken,

Things are the same with regard to the speed of the computer, and I suspect that DDS and Spybot will still crash. I am guessing that since the malware is now removed, this might be a Windows issue?

Many thanks for all your help removing the malware, very much appreciated!

Best,
Simon

ken545
2011-07-31, 03:43
Simon, run this program. I doubt it will find anything, but it can't hurt. If nothing is found, then I can link you to a Windows forum for help with a slow computer.

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

boymonkey
2011-08-01, 12:27
Thanks Ken.

No infection found with TDSSKiller either, so that is good news. I'd really appreciate you pointing me in the direction of a good Windows forum in order to address the crashes if possible. I'm relieved that all the malware is removed, especially since I can't run Spybot etc.

All best,

Simon

boymonkey
2011-08-01, 12:30
Sorry, I forgot to post the log in my previous message:


2011/08/01 11:23:06.0781 1416 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/01 11:23:07.0171 1416 ================================================================================
2011/08/01 11:23:07.0171 1416 SystemInfo:
2011/08/01 11:23:07.0171 1416
2011/08/01 11:23:07.0171 1416 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/01 11:23:07.0171 1416 Product type: Workstation
2011/08/01 11:23:07.0171 1416 ComputerName: MICROLITE411
2011/08/01 11:23:07.0171 1416 UserName: ttzcwd
2011/08/01 11:23:07.0171 1416 Windows directory: C:\WINDOWS
2011/08/01 11:23:07.0171 1416 System windows directory: C:\WINDOWS
2011/08/01 11:23:07.0171 1416 Processor architecture: Intel x86
2011/08/01 11:23:07.0171 1416 Number of processors: 2
2011/08/01 11:23:07.0171 1416 Page size: 0x1000
2011/08/01 11:23:07.0171 1416 Boot type: Normal boot
2011/08/01 11:23:07.0171 1416 ================================================================================
2011/08/01 11:23:11.0781 1416 Initialize success
2011/08/01 11:23:17.0656 1376 ================================================================================
2011/08/01 11:23:17.0656 1376 Scan started
2011/08/01 11:23:17.0656 1376 Mode: Manual;
2011/08/01 11:23:17.0656 1376 ================================================================================
2011/08/01 11:23:20.0328 1376 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/01 11:23:20.0593 1376 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/01 11:23:21.0156 1376 ADIHdAudAddService (de325887ffd27aef6ec9b3d41c4a03a9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/08/01 11:23:22.0031 1376 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/01 11:23:22.0484 1376 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/01 11:23:24.0109 1376 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/01 11:23:25.0078 1376 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/01 11:23:25.0703 1376 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/01 11:23:25.0875 1376 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/01 11:23:26.0406 1376 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/01 11:23:26.0734 1376 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/01 11:23:27.0156 1376 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/01 11:23:27.0343 1376 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/01 11:23:27.0781 1376 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/01 11:23:27.0984 1376 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/01 11:23:28.0265 1376 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/01 11:23:28.0578 1376 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/01 11:23:29.0015 1376 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/01 11:23:29.0203 1376 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/01 11:23:29.0281 1376 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/01 11:23:29.0578 1376 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/01 11:23:29.0687 1376 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/01 11:23:29.0781 1376 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/01 11:23:29.0937 1376 CFRMD (a6811f84b3df61e22e4f8749d9a8af61) C:\WINDOWS\system32\DRIVERS\CFRMD.sys
2011/08/01 11:23:30.0109 1376 CFRPD (e854bd45cfb2898108ceccba89b67d0d) C:\WINDOWS\system32\DRIVERS\CFRPD.sys
2011/08/01 11:23:30.0187 1376 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/01 11:23:30.0406 1376 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/01 11:23:30.0640 1376 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/08/01 11:23:30.0781 1376 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/08/01 11:23:31.0531 1376 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/01 11:23:31.0640 1376 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/01 11:23:32.0062 1376 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/01 11:23:32.0578 1376 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/01 11:23:32.0890 1376 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/01 11:23:33.0093 1376 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/08/01 11:23:33.0406 1376 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/01 11:23:33.0859 1376 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/01 11:23:34.0328 1376 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/01 11:23:34.0656 1376 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/01 11:23:34.0765 1376 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/01 11:23:34.0968 1376 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/01 11:23:35.0000 1376 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/01 11:23:35.0031 1376 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/01 11:23:35.0156 1376 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/01 11:23:35.0437 1376 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/08/01 11:23:35.0546 1376 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/01 11:23:35.0640 1376 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/08/01 11:23:35.0750 1376 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/01 11:23:35.0875 1376 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/01 11:23:36.0125 1376 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/01 11:23:36.0234 1376 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/01 11:23:36.0484 1376 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/01 11:23:36.0906 1376 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2011/08/01 11:23:37.0062 1376 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/01 11:23:37.0218 1376 InputPen (5248ce124468b2ed61c636e1e66a24cf) C:\WINDOWS\system32\Drivers\InputPen2K.sys
2011/08/01 11:23:37.0609 1376 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/01 11:23:37.0671 1376 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/01 11:23:37.0734 1376 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/01 11:23:38.0140 1376 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/01 11:23:38.0343 1376 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/01 11:23:38.0390 1376 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/01 11:23:38.0562 1376 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/01 11:23:38.0750 1376 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/01 11:23:38.0859 1376 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/01 11:23:39.0031 1376 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/01 11:23:39.0109 1376 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/01 11:23:39.0265 1376 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/01 11:23:39.0343 1376 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/01 11:23:39.0375 1376 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/01 11:23:39.0531 1376 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/01 11:23:39.0703 1376 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/01 11:23:39.0796 1376 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/01 11:23:39.0906 1376 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/01 11:23:40.0031 1376 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/01 11:23:40.0140 1376 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/01 11:23:40.0265 1376 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/01 11:23:40.0343 1376 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/01 11:23:40.0640 1376 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/01 11:23:40.0796 1376 MTsensor (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/08/01 11:23:40.0875 1376 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/01 11:23:40.0968 1376 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/01 11:23:41.0031 1376 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/01 11:23:41.0109 1376 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/01 11:23:41.0125 1376 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/01 11:23:41.0187 1376 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/01 11:23:41.0203 1376 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/01 11:23:41.0265 1376 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/01 11:23:41.0484 1376 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2011/08/01 11:23:41.0703 1376 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/01 11:23:41.0906 1376 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/01 11:23:42.0015 1376 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/01 11:23:42.0078 1376 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/01 11:23:42.0125 1376 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/01 11:23:42.0218 1376 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/01 11:23:42.0328 1376 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/01 11:23:42.0421 1376 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/08/01 11:23:42.0750 1376 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/01 11:23:42.0890 1376 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/01 11:23:43.0000 1376 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/01 11:23:43.0093 1376 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/01 11:23:43.0187 1376 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/01 11:23:43.0312 1376 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/01 11:23:43.0859 1376 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/01 11:23:43.0953 1376 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/01 11:23:44.0046 1376 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/01 11:23:44.0515 1376 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/01 11:23:44.0578 1376 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/01 11:23:44.0625 1376 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/01 11:23:44.0687 1376 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/01 11:23:44.0765 1376 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/01 11:23:44.0828 1376 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/01 11:23:44.0984 1376 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/01 11:23:45.0093 1376 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/01 11:23:45.0171 1376 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/01 11:23:45.0265 1376 rimmptsk (b6e686aab08bc276d0000293f9fba0bb) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/08/01 11:23:45.0359 1376 rimsptsk (bcff51e0be86d6f0e2180e5142203527) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/08/01 11:23:45.0453 1376 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/08/01 11:23:45.0765 1376 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/08/01 11:23:46.0234 1376 rismxdp (6baf8990e6f701f501a6cee974cf08d8) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/08/01 11:23:46.0343 1376 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/08/01 11:23:46.0515 1376 RTL8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/01 11:23:46.0718 1376 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/01 11:23:46.0968 1376 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/01 11:23:47.0265 1376 SDHookDriver (5ea313de81fd07a084ca5b3c7a71b427) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
2011/08/01 11:23:47.0531 1376 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/01 11:23:47.0671 1376 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/01 11:23:47.0781 1376 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/08/01 11:23:47.0843 1376 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/08/01 11:23:47.0890 1376 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/08/01 11:23:48.0062 1376 smserial (ce2e9d6b8c26c38779581cff1f14b65b) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/08/01 11:23:48.0359 1376 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
2011/08/01 11:23:48.0484 1376 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/01 11:23:48.0531 1376 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/01 11:23:48.0687 1376 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/01 11:23:49.0203 1376 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/01 11:23:49.0437 1376 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/01 11:23:50.0328 1376 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/01 11:23:50.0875 1376 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/01 11:23:51.0062 1376 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/01 11:23:51.0093 1376 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/01 11:23:51.0156 1376 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/01 11:23:51.0312 1376 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/01 11:23:51.0406 1376 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/01 11:23:51.0484 1376 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/01 11:23:51.0703 1376 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/01 11:23:51.0875 1376 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/01 11:23:52.0046 1376 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/01 11:23:52.0125 1376 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/01 11:23:52.0203 1376 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/01 11:23:52.0453 1376 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/01 11:23:52.0546 1376 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/01 11:23:52.0625 1376 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/01 11:23:52.0734 1376 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
2011/08/01 11:23:52.0890 1376 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/08/01 11:23:53.0093 1376 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/01 11:23:53.0171 1376 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/01 11:23:53.0359 1376 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/01 11:23:53.0453 1376 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/01 11:23:53.0593 1376 MBR (0x1B8) (b7daa625a4764358b090f13ae79d2605) \Device\Harddisk0\DR0
2011/08/01 11:23:53.0921 1376 Boot (0x1200) (aabea0b3b75618b12ab43792c8f02009) \Device\Harddisk0\DR0\Partition0
2011/08/01 11:23:53.0921 1376 ================================================================================
2011/08/01 11:23:53.0921 1376 Scan finished
2011/08/01 11:23:53.0921 1376 ================================================================================
2011/08/01 11:23:53.0953 1212 Detected object count: 0
2011/08/01 11:23:53.0953 1212 Actual detected object count: 0
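
For readers who want to sanity-check a scan log like the one above rather than eyeball it, here is an added example (not the forum's or the scan tool's own code) that parses the per-object lines into name, hash and path, reads the "Detected object count" line, and flags any driver that loads from outside the Windows system directories. The sample log lines and their 32-character hashes are constructed for the example, and the trusted-directory policy is an assumption of the example, not a rule of the tool.

```python
import re
from typing import Dict, List, Optional

# Per-object lines of the scan log have the shape:
# "<date> <time> <pid> <name> (<md5>) <path>"
# The name may carry a parenthesised offset, e.g. "MBR (0x1B8)".
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Summary line printed at the end of the scan.
COUNT_RE = re.compile(r"^\S+\s+\S+\s+\d+\s+Detected object count:\s*(?P<n>\d+)\s*$")

# Assumed policy for this example: a kernel driver that loads from anywhere
# other than the Windows system directories deserves a second look.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample log (hashes are placeholders, not real file hashes).
SAMPLE_LOG = r"""
2011/08/01 11:23:51.0406 1376 Update (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/01 11:23:52.0734 1376 vsdatant (ffeeddccbbaa99887766554433221100) C:\WINDOWS\system32\vsdatant.sys
2011/08/01 11:23:53.0100 1376 oddsvc (0123456789abcdef0123456789abcdef) C:\Documents and Settings\user\oddsvc.sys
2011/08/01 11:23:53.0593 1376 MBR (0x1B8) (fedcba9876543210fedcba9876543210) \Device\Harddisk0\DR0
2011/08/01 11:23:53.0921 1376 ================================================================================
2011/08/01 11:23:53.0921 1376 Scan finished
2011/08/01 11:23:53.0953 1212 Detected object count: 0
2011/08/01 11:23:53.0953 1212 Actual detected object count: 0
"""


def parse_scan_log(text: str) -> Dict[str, object]:
    """Return the scanned objects and the tool's own detection count."""
    objects: List[Dict[str, str]] = []
    detected: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            detected = int(m.group("n"))
            continue
        m = LINE_RE.match(line)
        if m:
            objects.append({k: m.group(k) for k in ("name", "md5", "path")})
        # Separator and "Scan finished" lines carry no object and are skipped.
    return {"objects": objects, "detected": detected}


def suspicious_entries(objects: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag file-backed entries whose path is outside the trusted directories."""
    flagged = []
    for obj in objects:
        low = obj["path"].lower()
        if low.startswith("\\device\\"):
            continue  # MBR / boot-sector entries reference a raw device, not a file
        if not low.startswith(TRUSTED_PREFIXES):
            flagged.append(obj)
    return flagged


if __name__ == "__main__":
    report = parse_scan_log(SAMPLE_LOG)
    print("tool detected:", report["detected"])
    for entry in suspicious_entries(report["objects"]):
        print("review:", entry["name"], entry["path"], entry["md5"])
```

The flagged list is a prompt for manual review, not a verdict: a legitimate third-party driver can live outside system32, and the hash column is what you would look up against a vendor or reputation database before deciding anything.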

ken545
2011-08-01, 13:01
Hello Simon, no rootkit, that's great :bigthumb:

Let's run Combofix. You may get an error stating that it won't run with AVG installed, but I believe they fixed that. If not, uninstall AVG from the Add/Remove Programs in the Control Panel; we can reinstall it when we're done.

If there is nothing bad found or removed then I will link you to a Windows forum for help.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

boymonkey
2011-08-01, 17:36
Hi Ken,

Unfortunately my computer freezes part way through the ComboFix process (as with DDS etc.). I'll try to uninstall AVG and see if that helps and will report back later this evening (I suspect this could be a Windows problem rather than malware, since everything else came up clean though?)

All best,

Simon

ken545
2011-08-01, 18:05
Hi Simon,

Why don't you forgo Combofix and post in this Windows forum? If, after helping you, they still feel it's malware, then post back and we will work on running CF. You can link them to this thread so they can see what we have done. I will keep it open for you for about a week; if it's closed then just start a new topic.

http://forums.whatthetech.com/index.php?showforum=119

Like Safer, it's free, but you will need to register.

Good Luck,
Ken

boymonkey
2011-08-03, 16:14
Hi Ken,

I have been a little off the ball with this; since the malware has been removed there is less urgency and other things have slowly taken over. I'll post on the forum you recommended and see if the Windows problem can be fixed, but I wanted to say in the meantime a big thank you for all your help with removing the malware - very much appreciated.

All best,

Simon

ken545
2011-08-03, 18:51
You're very welcome Simon, my pleasure :)

Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

ken545
2011-08-08, 13:06
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.