win32/olmarik aj. trojan



arash
2011-09-16, 16:55
Please help, ESET can't remove this either.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Run by User at 14:50:48 on 2011-09-16
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2027 [GMT 1:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Livedrive\Livedrive.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Foxit Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BrowserHelper Class: {edf48a39-1442-463f-9f4e-f376a78d034a} - c:\program files\livedrive\LivedriveExplorerExtensions.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Foxit Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Livedrive] "c:\program files\livedrive\Livedrive.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: logmein.com\server00008b-geyzvugtbf.app109
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263078527406
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263078519953
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://82.69.87.87/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://camaras.costablanca.org/AxisCamControl.cab
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F695B426-E0A0-45EB-911B-CD0CBD4677C0} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
mASetup: {F0173905-8498-4452-A4BD-EC689AFA6B3A} - "%ProgramFiles%\Common Files\Sage SBD\ForceEIRRegistration.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\pjp1dlwi.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files\pricegong\2.1.0\FF
.
============= SERVICES / DRIVERS ===============
.
R0 iteraid;iteraid;c:\windows\system32\drivers\iteraid.sys [2006-12-16 26112]
R0 jahci;jahci;c:\windows\system32\drivers\jahci.sys [2006-12-16 33280]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-10-1 146904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-3 216912]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-8-23 54760]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-9-5 393648]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-1-6 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-6-22 366152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 870200]
R2 Sage SData Service;Sage SData Service;c:\program files\common files\sage sdata\Sage.SData.Service.exe [2009-12-16 49152]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2001-12-31 35840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-6-22 22216]
S2 gupdate;บริการอัปเดตของ Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;บริการ ข่าวอัพเดต Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2010-8-1 38656]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-09-15 07:27:18 256000 ----a-w- c:\windows\PEV.exe
2011-09-15 07:27:18 208896 ----a-w- c:\windows\MBR.exe
2011-09-12 19:56:57 -------- d-----w- c:\documents and settings\all users\application data\iJ09200JmDbG09200
2011-09-12 16:33:55 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-09-12 16:33:55 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-09-12 16:33:55 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-08-23 19:22:35 -------- d-----w- c:\documents and settings\user\Tracing
2011-08-23 18:21:55 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-08-23 18:21:23 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2011-08-23 18:19:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-08-23 18:18:06 -------- d-----w- c:\program files\Microsoft
2011-08-23 18:17:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-08-23 18:14:42 74520 ----a-w- c:\program files\common files\windows live\.cache\877727d01cc61c0\DSETUP.dll
2011-08-23 18:14:42 484632 ----a-w- c:\program files\common files\windows live\.cache\877727d01cc61c0\DXSETUP.exe
2011-08-23 18:14:42 1670936 ----a-w- c:\program files\common files\windows live\.cache\877727d01cc61c0\dsetup32.dll
2011-08-23 18:14:24 1013800 ----a-w- c:\program files\common files\windows live\.cache\7d0b406a1cc61c0\WindowsXP-KB954708-x86-ENU.exe
2011-08-23 18:10:53 -------- d-----w- c:\program files\common files\Windows Live
2011-08-21 09:00:36 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-09-13 18:00:13 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:32:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 15:32:36 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 15:32:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-06 15:32:28 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-20 13:36:02 571216 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
.
============= FINISH: 14:51:43.04 ===============

oldman960
2011-09-20, 17:54
Hi arash, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, and uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.



*Combofix is a very powerful tool and should not be used without supervision.*


It looks like you may have run Combofix. If you did, I need to see the log. It can be found at C:\Combofix.txt



Go HERE (http://www.gmer.net/) to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Double click on the file you downloaded. If asked to allow the gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.

http://i582.photobucket.com/albums/ss269/Cat_Byte/GMER/gmer_th.gif (http://i582.photobucket.com/albums/ss269/Cat_Byte/GMER/gmer_screen2-1.gif)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your next reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If GMER will not run in normal windows, please run it in Safe Mode




Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.


Please post back with combofix log if you have it
GMER log
aswMBR log
MBR.zip (attached)


Please describe your symptoms.

Thanks

arash
2011-09-21, 15:32
thank you for your help

files attached as requested

oldman960
2011-09-21, 15:51
Hi arash,

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger will now ask to reboot the machine - click OK.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Next

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix button

http://public.avast.com/~gmerek/aswMBR3.png

Reboot your computer when prompted.

Save the log as before and post in your next reply.


How is the computer now?

arash
2011-09-21, 20:41
thanks
It finished but did not ask to reboot the machine. Shall I manually reboot?

oldman960
2011-09-21, 22:15
Hi arash,

Yes then post the log. How is the computer?

arash
2011-09-21, 23:45
Thanks, but ESET still says win32/olmarik is present.

arash
2011-09-21, 23:51
log file attached
thanks

oldman960
2011-09-22, 00:07
Hi arash,

You have an MBR infection.

The log you posted doesn't indicate that the Fix button was clicked.

When you ran aswMBR the second time, did you click the Fix button after the tool completed its scan?


Please review the instructions posted for running aswMBR the second time. Let me know if you missed a step in following the aswMBR instructions.

arash
2011-09-22, 09:17
Hi
Yes, and I even did it twice!!!

Thanks

oldman960
2011-09-22, 15:52
Hi arash,


Please read carefully and follow these steps.

Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

arash
2011-09-22, 21:30
YEEEEEESSSSS

Thank you so much. ESET does not see the virus anymore.

thanks again

oldman960
2011-09-22, 22:05
Hi arash,

Please post the log from TDSSKiller. It should be at C:\TDSSKiller{series of numbers}.log.txt. It will contain some important information about any other possible problems.

Thanks

arash
2011-09-22, 23:24
Sorry, I can't find the log anywhere. Where else can it be?

oldman960
2011-09-23, 00:17
Hi arash,

Let's see if we can find the log and have a look at a directory at the same time.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following code box into the main text field.
Do not copy the word CODE; please note the script starts with the :

:dir
c:\documents and settings\All Users\Application Data\iJ09200JmDbG09200
:filefind
*TDSSKiller*

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

arash
2011-09-23, 10:00
Please find report

Thanks

oldman960
2011-09-23, 15:28
Hi arash,

The log is on your C:\ drive.
Right-click your Start button and click Explore.
In the left-hand panel click on C:\
In the right-hand panel locate TDSSKiller.2.5.23.0_22.09.2011_19.19.43_log.txt
Open it with Notepad and post its contents.

arash
2011-09-23, 19:59
Sorry, I was looking for a directory:


2011/09/22 19:19:43.0843 3032 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 19:19:44.0046 3032 ================================================================================
2011/09/22 19:19:44.0046 3032 SystemInfo:
2011/09/22 19:19:44.0046 3032
2011/09/22 19:19:44.0046 3032 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/22 19:19:44.0046 3032 Product type: Workstation
2011/09/22 19:19:44.0046 3032 ComputerName: ASHOME
2011/09/22 19:19:44.0046 3032 UserName: User
2011/09/22 19:19:44.0046 3032 Windows directory: C:\WINDOWS
2011/09/22 19:19:44.0046 3032 System windows directory: C:\WINDOWS
2011/09/22 19:19:44.0046 3032 Processor architecture: Intel x86
2011/09/22 19:19:44.0046 3032 Number of processors: 2
2011/09/22 19:19:44.0046 3032 Page size: 0x1000
2011/09/22 19:19:44.0046 3032 Boot type: Normal boot
2011/09/22 19:19:44.0046 3032 ================================================================================
2011/09/22 19:19:46.0218 3032 Initialize success
2011/09/22 19:19:49.0078 1144 ================================================================================
2011/09/22 19:19:49.0078 1144 Scan started
2011/09/22 19:19:49.0078 1144 Mode: Manual;
2011/09/22 19:19:49.0078 1144 ================================================================================
2011/09/22 19:19:52.0125 1144 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/09/22 19:19:52.0984 1144 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/22 19:19:53.0218 1144 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/22 19:19:53.0921 1144 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/22 19:19:54.0156 1144 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/22 19:19:54.0265 1144 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/09/22 19:19:54.0625 1144 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/22 19:19:54.0765 1144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/22 19:19:54.0828 1144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/22 19:19:54.0906 1144 AtcL001 (4d689ed3049947f311330488e1c055c9) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
2011/09/22 19:19:54.0953 1144 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/22 19:19:55.0031 1144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/22 19:19:55.0093 1144 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/09/22 19:19:55.0140 1144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/22 19:19:55.0250 1144 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/09/22 19:19:55.0468 1144 CbFs (a975187f3c8867f8d00a698a5282672b) C:\WINDOWS\system32\drivers\cbfs.sys
2011/09/22 19:19:55.0531 1144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/22 19:19:55.0640 1144 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/22 19:19:55.0734 1144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/22 19:19:55.0796 1144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/22 19:19:55.0843 1144 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/22 19:19:56.0140 1144 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/22 19:19:56.0265 1144 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/22 19:19:56.0375 1144 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/22 19:19:56.0515 1144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/22 19:19:56.0609 1144 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/22 19:19:56.0687 1144 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/09/22 19:19:56.0750 1144 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/09/22 19:19:56.0796 1144 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/09/22 19:19:56.0875 1144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/22 19:19:56.0953 1144 eamon (e31464ce787e3a0ffea55baa591897f0) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/09/22 19:19:57.0062 1144 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/09/22 19:19:57.0156 1144 epfw (c2c9a92b560a775c65b89e78dcb6951a) C:\WINDOWS\system32\DRIVERS\epfw.sys
2011/09/22 19:19:57.0234 1144 Epfwndis (73fc7c4a5952b5493c6be2708d1538c0) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2011/09/22 19:19:57.0343 1144 epfwtdi (cd6d97a7a88a78fa6f1732b75971ead0) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2011/09/22 19:19:57.0500 1144 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/22 19:19:57.0625 1144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/22 19:19:57.0671 1144 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/22 19:19:57.0718 1144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/22 19:19:57.0796 1144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/22 19:19:57.0875 1144 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/09/22 19:19:57.0906 1144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/22 19:19:57.0953 1144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/22 19:19:58.0078 1144 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/09/22 19:19:58.0156 1144 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/09/22 19:19:58.0312 1144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/22 19:19:58.0421 1144 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/22 19:19:58.0500 1144 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/22 19:19:58.0625 1144 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/22 19:19:58.0718 1144 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/22 19:19:58.0890 1144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/22 19:19:59.0109 1144 IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/22 19:19:59.0343 1144 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/22 19:19:59.0390 1144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/22 19:19:59.0468 1144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/22 19:19:59.0562 1144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/22 19:19:59.0625 1144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/22 19:19:59.0671 1144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/22 19:19:59.0718 1144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/22 19:20:00.0078 1144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/22 19:20:00.0156 1144 iteraid (979836fc6dc05218b4e93e5ccea5654b) C:\WINDOWS\system32\drivers\iteraid.sys
2011/09/22 19:20:00.0250 1144 jahci (9938ad6e9192bf1ee76d8e8a9b61f5b4) C:\WINDOWS\system32\drivers\jahci.sys
2011/09/22 19:20:00.0468 1144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/22 19:20:00.0578 1144 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/22 19:20:00.0625 1144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/22 19:20:00.0687 1144 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/22 19:20:00.0921 1144 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/09/22 19:20:00.0984 1144 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/09/22 19:20:01.0156 1144 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/09/22 19:20:01.0218 1144 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/09/22 19:20:01.0281 1144 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/09/22 19:20:01.0500 1144 LVUVC (3703406af0726badd24c5e552493e5b1) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/09/22 19:20:01.0593 1144 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/09/22 19:20:01.0656 1144 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
2011/09/22 19:20:01.0734 1144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/22 19:20:01.0796 1144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/22 19:20:01.0906 1144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/22 19:20:02.0000 1144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/22 19:20:02.0093 1144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/22 19:20:02.0265 1144 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/22 19:20:02.0312 1144 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/09/22 19:20:02.0406 1144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/22 19:20:02.0468 1144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/22 19:20:02.0625 1144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/22 19:20:02.0671 1144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/22 19:20:02.0734 1144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/22 19:20:02.0781 1144 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/22 19:20:02.0921 1144 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/09/22 19:20:02.0968 1144 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/22 19:20:03.0000 1144 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/22 19:20:03.0062 1144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/22 19:20:03.0109 1144 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/22 19:20:03.0203 1144 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/22 19:20:03.0218 1144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/22 19:20:03.0281 1144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/22 19:20:03.0328 1144 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/22 19:20:03.0359 1144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/22 19:20:03.0406 1144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/22 19:20:03.0656 1144 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/22 19:20:03.0781 1144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/22 19:20:03.0843 1144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/22 19:20:03.0937 1144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/22 19:20:04.0093 1144 nv (dc0b33c6c7321714be4e6c1a005a75d9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/22 19:20:04.0453 1144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/22 19:20:04.0718 1144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/22 19:20:04.0843 1144 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/09/22 19:20:04.0906 1144 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/09/22 19:20:05.0000 1144 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/09/22 19:20:05.0078 1144 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/22 19:20:05.0125 1144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/22 19:20:05.0156 1144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/22 19:20:05.0218 1144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/22 19:20:05.0250 1144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/22 19:20:05.0328 1144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/22 19:20:05.0421 1144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/22 19:20:05.0828 1144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/22 19:20:05.0968 1144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/22 19:20:06.0046 1144 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/22 19:20:06.0640 1144 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys
2011/09/22 19:20:06.0812 1144 RapportEI (ebb483bb8e50345bcf3228e3b47a7b78) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/09/22 19:20:06.0984 1144 RapportKELL (2641560e667c74a08a0826828417ddb7) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/09/22 19:20:07.0062 1144 RapportPG (69a0ecb8291bb6d2027c845d6cbef6b8) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/09/22 19:20:07.0140 1144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/22 19:20:07.0218 1144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/22 19:20:07.0281 1144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/22 19:20:07.0359 1144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/22 19:20:07.0484 1144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/22 19:20:07.0656 1144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/22 19:20:07.0765 1144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/22 19:20:07.0843 1144 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/22 19:20:07.0968 1144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/22 19:20:08.0031 1144 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/09/22 19:20:08.0203 1144 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/09/22 19:20:08.0296 1144 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/09/22 19:20:08.0484 1144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/22 19:20:08.0531 1144 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/22 19:20:08.0562 1144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/22 19:20:08.0656 1144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/22 19:20:08.0734 1144 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/22 19:20:08.0906 1144 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/22 19:20:09.0000 1144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/22 19:20:09.0078 1144 SQTECH9052 (69b4ad63ab4e4329773efa33c69c1943) C:\WINDOWS\system32\Drivers\Capt9052.sys
2011/09/22 19:20:09.0125 1144 SQTECH905C (ae35d551fb28e0355c154e0c1fa20e2d) C:\WINDOWS\system32\Drivers\Capt905c.sys
2011/09/22 19:20:09.0187 1144 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/22 19:20:09.0265 1144 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/22 19:20:09.0328 1144 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/22 19:20:09.0437 1144 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/22 19:20:09.0546 1144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/22 19:20:09.0859 1144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/22 19:20:09.0937 1144 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/22 19:20:10.0000 1144 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/22 19:20:10.0062 1144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/22 19:20:10.0109 1144 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/22 19:20:10.0343 1144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/22 19:20:10.0453 1144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/22 19:20:10.0578 1144 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/22 19:20:10.0656 1144 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/22 19:20:10.0734 1144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/22 19:20:10.0812 1144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/22 19:20:10.0843 1144 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/22 19:20:10.0937 1144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/22 19:20:11.0031 1144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/22 19:20:11.0093 1144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/22 19:20:11.0234 1144 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/22 19:20:11.0328 1144 USB_RNDIS (f39039d5c96c1d3ac2a637a659dbf282) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/09/22 19:20:11.0437 1144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/22 19:20:11.0593 1144 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/22 19:20:11.0718 1144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/22 19:20:11.0781 1144 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/09/22 19:20:11.0937 1144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/22 19:20:12.0140 1144 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/22 19:20:12.0265 1144 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/09/22 19:20:12.0265 1144 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/22 19:20:12.0281 1144 Boot (0x1200) (f977f90a027d1fb57bc2fc9fb68f3b19) \Device\Harddisk0\DR0\Partition0
2011/09/22 19:20:12.0281 1144 ================================================================================
2011/09/22 19:20:12.0281 1144 Scan finished
2011/09/22 19:20:12.0281 1144 ================================================================================
2011/09/22 19:20:12.0296 2696 Detected object count: 1
2011/09/22 19:20:12.0296 2696 Actual detected object count: 1
2011/09/22 19:20:21.0281 2696 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/22 19:20:21.0281 2696 \Device\Harddisk0\DR0 - ok
2011/09/22 19:20:21.0281 2696 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/22 19:20:31.0031 2428 Deinitialize success
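A note on what the TDSSKiller output above is actually telling us: every driver line carries an MD5 of the file on disk, but the detection is not on any driver at all. It is on `\Device\Harddisk0\DR0`, the raw disk, right after the `MBR (0x1B8)` line, which hashes the boot code in sector 0. That is the TDL4 pattern: the infected code lives in the master boot record and loads before Windows and before ESET's kernel driver, which is why the on-access scanner could not remove it and why TDSSKiller schedules the cure for the next reboot. The Python below is an added example, not part of this thread and not TDSSKiller's own code. It parses the log shape shown above, pulls out the hashed objects and the detection, and reproduces the MBR hash over a raw sector. The assumption (labelled in the code) is that the `0x1B8` in the log means the MD5 covers the first 440 bytes of sector 0, i.e. the boot code before the disk signature and partition table; the regexes are written for the visible line format, not taken from Kaspersky documentation.

```python
"""Parse TDSSKiller-style scan output and reproduce its MBR boot-code hash.

Added example, not part of the original thread or of TDSSKiller itself.
Assumption (labelled): the "MBR (0x1B8)" field in the log is an MD5 over the
first 0x1B8 = 440 bytes of sector 0, i.e. the boot code that precedes the
disk signature and partition table. Regexes are written for the line shape
visible in the thread's log, not taken from Kaspersky documentation.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

MBR_BOOTCODE_LEN = 0x1B8    # 440 bytes of boot code (assumed hash region)
MBR_DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature
MBR_PART_TABLE_OFF = 0x1BE  # 4 x 16-byte partition entries
MBR_BOOT_SIG_OFF = 0x1FE    # 0x55 0xAA

# Lines copied from the TDSSKiller log posted in the thread above.
SAMPLE_LOG = r"""
2011/09/22 19:20:12.0140 1144 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/22 19:20:12.0265 1144 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/09/22 19:20:12.0265 1144 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/22 19:20:12.0281 1144 Boot (0x1200) (f977f90a027d1fb57bc2fc9fb68f3b19) \Device\Harddisk0\DR0\Partition0
2011/09/22 19:20:21.0281 2696 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

# "<date> <time> <pid> <name> (<md5>) <path>"; the name may itself contain
# parentheses such as "MBR (0x1B8)", so the md5 group is pinned to 32 hex digits.
_OBJECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "<date> <time> <pid> <object> - detected <verdict> (<n>)"
_DETECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<obj>.+?) - detected (?P<verdict>\S+)"
)


@dataclass
class ScannedObject:
    timestamp: str
    pid: int
    name: str
    md5: str
    path: str


def parse_objects(log_text: str) -> List[ScannedObject]:
    """Return every hashed object (driver, MBR, boot sector) in the log."""
    out = []
    for line in log_text.splitlines():
        m = _OBJECT_RE.match(line.strip())
        if m:
            out.append(ScannedObject(m["ts"], int(m["pid"]), m["name"], m["md5"], m["path"]))
    return out


def parse_detections(log_text: str) -> List[Tuple[str, str]]:
    """Return (object, verdict) pairs for every '- detected' line."""
    hits = []
    for line in log_text.splitlines():
        m = _DETECT_RE.match(line.strip())
        if m:
            hits.append((m["obj"], m["verdict"]))
    return hits


def mbr_hash_from_log(log_text: str) -> Optional[str]:
    """The MD5 TDSSKiller reported for the MBR boot code, if present."""
    for obj in parse_objects(log_text):
        if obj.name.startswith("MBR"):
            return obj.md5
    return None


def mbr_bootcode_md5(sector0: bytes) -> str:
    """MD5 of the first 0x1B8 bytes of sector 0 (assumed to match the log field)."""
    if len(sector0) != 512:
        raise ValueError("MBR must be exactly one 512-byte sector")
    return hashlib.md5(sector0[:MBR_BOOTCODE_LEN]).hexdigest()


def mbr_has_boot_signature(sector0: bytes) -> bool:
    """True when sector 0 ends in the 0x55AA boot signature."""
    return sector0[MBR_BOOT_SIG_OFF:MBR_BOOT_SIG_OFF + 2] == b"\x55\xAA"


def bootcode_changed(before: bytes, after: bytes) -> bool:
    """True when the boot code differs; the disk signature and partition
    table are ignored because they legitimately change on repartitioning."""
    return mbr_bootcode_md5(before) != mbr_bootcode_md5(after)


if __name__ == "__main__":
    for obj, verdict in parse_detections(SAMPLE_LOG):
        print(f"{obj}: {verdict}")
    print("MBR boot-code MD5 from log:", mbr_hash_from_log(SAMPLE_LOG))
```

The practical use is the comparison, not the parsing: hash the first 440 bytes of sector 0 on a known-clean build of the same Windows version and keep that value; a later `MBR (0x1B8)` line with a different digest on a machine that was not repartitioned is worth a look even when no `- detected` line follows it, because a signature-based tool only names the bootkits it already knows.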

oldman960
2011-09-24, 08:17
Hi arash,

No problem.

Please locate combofix.exe in this folder c:\documents and settings\User\My Documents\Downloads. Right click it and select delete.

Please download a new copy from Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)


Save it to your desktop. If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".



Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)


Double click it to run it. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Thanks

arash
2011-09-24, 15:50
thanks..

oldman960
2011-09-24, 19:06
Hi arash,

It's important that combofix is located directly on your desktop. Please move it from the download folder and place it on your desktop.

I see your homepage and search engine have been changed to jzip. Was this intentional?

You have a questionable toolbar installed, Ask Toolbar. Do you actually use it?

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Services

:Files
c:\documents and settings\All Users\Application Data\iJ09200JmDbG09200

:Commands
[createrestorepoint]
[emptytemp]
[emptyflash]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


How's the computer?

Thanks

arash
2011-09-27, 23:49
thanks

log attached

I can't get rid of the toolbar or jZip

oldman960
2011-09-28, 00:26
Hi arash,

I don't see a log attached. Please copy and paste the logs directly into your replies. Do not attach them unless specifically requested (it's easier to work with them). :)

Open Windows Explorer (right click your Start button and click Explore). Navigate to this folder: C:\Qoobox. In the right hand column locate Add-Remove-Programs.txt. Please post its contents.

Thanks

arash
2011-09-29, 22:59
thanks

2007 Microsoft Office Suite Service Pack 2 (SP2)
Accounts
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.1
Adobe Shockwave Player
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Attansic Giga Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Attribute Changer 6.10a
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
Bonjour
BT Billing Analyst
BTC CT Solution Express 2010 (v3.5.08)
BTC PM Solution 2011 (v3.3.04)
BulkSMS Desktop Messenger
BulkSMS Text Messenger
Bullzip PDF Printer 6.0.0.865
Business Plan Pro 15th Anniversary Edition
C4USelfUpdater
CameraHelperMsi
CCleaner
center
Click to Call with Skype
CorelDRAW Graphics Suite X3
CutePDF Writer 2.7
DB CIF Cam
DYMO Label Software
EN
EPSON Printer Software
erLT
ESET Smart Security
essentials
EuroTalk Junior Language Challenge
EuroTalk Talk Now!
Express Burn
FileZilla Client 3.3.2.1
Final Media Player 2010
FontNav
Foxit PDF Editor
getPlus(R) for Adobe
Google Chrome
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPL Ghostscript 8.63
GPL Ghostscript Lite 8.64
Hotfix for Windows XP (KB954708)
iTunes
Java 2 Runtime Environment, SE v1.4.1_07
Java Web Start
Java(TM) 6 Update 11
Junk Mail filter update
jZip
Kodak AIO Printer
KODAK AiO Software
ksDIP
Livedrive
Logitech Vid HD
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Moneysoft Money Manager 6 Business Edition
Moneysoft Payroll Manager
Moneysoft Payroll Manager Update
Mozilla Firefox (3.5.11)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Notation Player 2.1.2
NVIDIA Drivers
ocr
OpenOffice.org 3.2
Photodex Presenter
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Video Driver
PMB
PreReq
PriceGong 2.1.0
Primo
ProShow Gold
QuickTime
QuickTime Alternative 2.7.0
Rapport
Realtek High Definition Audio Driver
Runtime
Sage 50 Accounts 2011
Sage Instant Accounts v14
Sage WinForecast Professional v4.06
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Segoe UI
SiSoftware Sandra Lite XII.SP1
Skype™ 5.5
Software Update for Web Folders
Spybot - Search & Destroy
SupportSoft Assisted Service
SweetIM for Messenger 3.4
SweetIM Toolbar for Internet Explorer 4.1
TallStick TS-AudioToMIDI 3.30 (remove only)
Universal Document Converter
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update Manager
VBA
Visual Studio 2005 Tools for Office Second Edition Runtime
VNC Personal Edition P4.3.2
VT Accounts
VT Accounts (C:\Program Files\VT Accounts\)
VT Accounts (C:\Program Files\VT Accounts\) #10
VT Accounts (C:\Program Files\VT Accounts\) #3
VT Accounts (C:\Program Files\VT Accounts\) #4
VT Accounts (C:\Program Files\VT Accounts\) #5
VT Accounts (C:\Program Files\VT Accounts\) #6
VT Accounts (C:\Program Files\VT Accounts\) #7
VT Accounts (C:\Program Files\VT Accounts\) #8
VT Accounts (C:\Program Files\VT Accounts\) #9
VT Transaction+
WavePad Sound Editor
WinAce Archiver
Windows 7 Upgrade Advisor
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows jZip Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

oldman960
2011-09-29, 23:57
Hi arash,

Click your Start button > Control Panel > Add or Remove Programs and uninstall

Java 2 Runtime Environment, SE v1.4.1_07
jZip
PriceGong 2.1.0
Windows jZip Toolbar


Reboot your computer.

After the reboot rerun OTL
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
Check Scan All users
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a Notepad window, OTL.Txt; there is no Extras.Txt this time.

Please post back with
OTL log
Thanks

No need for a Hijackthis log this time.

arash
2011-10-01, 22:48
thanks but I can't paste it or attach it as it says it's too long for the forum

oldman960
2011-10-02, 11:17
Hi arash,

Can you zip it then attach it?

To zip the log, right click on it, click Send To>Compressed (zipped) folder

arash
2011-10-02, 21:35
thanks attached

oldman960
2011-10-03, 02:39
Hi arash,

The next 2 posts will be just me posting the OTL log. It's easier to work with them when they are posted.

The fix will be in the post following the log.

OTL logfile created on: 01/10/2011 20:40:44 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.13% Memory free
4.85 Gb Paging File | 3.24 Gb Available in Paging File | 66.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 50.14 Gb Free Space | 33.64% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 124.34 Gb Free Space | 65.47% Space Free | Partition Type: NTFS
Drive T: | 88.86 Gb Total Space | 50.53 Gb Free Space | 56.86% Space Free | Partition Type: NTFS
Drive Z: | 88.86 Gb Total Space | 50.53 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: ASHOME | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/01 20:40:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2011/10/01 00:38:03 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/09/25 18:59:56 | 001,636,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/08/23 15:30:52 | 003,623,936 | ---- | M] (Moneysoft Ltd.) -- C:\Program Files\Moneysoft\Payroll Manager\PM3.EXE
PRC - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/06/20 14:35:10 | 001,700,352 | ---- | M] (Livedrive Internet Ltd) -- C:\Program Files\Livedrive\Livedrive.exe
PRC - [2011/06/16 17:53:22 | 002,510,848 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2011/06/05 17:28:54 | 001,546,648 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 21:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/12/16 20:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/15 11:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 16:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/01 09:42:54 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\temp\{346a106f-eee7-43f1-b38c-98b0a30841ef}\Livedrive.Native.dll
MOD - [2011/10/01 00:38:02 | 000,412,728 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppgooglenaclpluginchrome.dll
MOD - [2011/10/01 00:38:00 | 003,696,184 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
MOD - [2011/10/01 00:36:54 | 000,309,816 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\Locales\en-GB.dll
MOD - [2011/10/01 00:36:24 | 000,142,568 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avutil-51.dll
MOD - [2011/10/01 00:36:23 | 000,253,320 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avformat-53.dll
MOD - [2011/10/01 00:36:22 | 002,403,240 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avcodec-53.dll
MOD - [2011/09/19 20:38:08 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/12 17:37:21 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\1c1c395e64afc7ca12b9ce9f09070129\Inkjet.Automation.ni.dll
MOD - [2011/09/12 17:37:18 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\ea126d2918dd56f05b7ef76584aece62\Inkjet.DeviceSettings.ni.dll
MOD - [2011/09/12 17:37:15 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\2471a7f4260fb4eace29e329de48c8a9\Inkjet.Localization.ni.dll
MOD - [2011/09/12 17:37:15 | 000,131,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\9697ea0f655fdd4b40342c480d1efe42\Inkjet.Diagnostics.ni.dll
MOD - [2011/09/12 17:37:14 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\b6a1e3e41d148cf9dc2c8972d32d93f3\Inkjet.Utilities.ni.dll
MOD - [2011/09/12 17:37:13 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\6e01aa05227649ee6d43cdfa73ead323\Inkjet.Hardware.ni.dll
MOD - [2011/09/12 17:37:12 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\3d339e37ed96d337a950508fed817625\Inkjet.Configuration.ni.dll
MOD - [2011/09/12 17:37:11 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\e91d35ecb551282d1e5c5bc0e072b04b\Inkjet.Statistics.ni.dll
MOD - [2011/08/07 13:59:13 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/06/20 14:34:24 | 000,582,144 | ---- | M] () -- C:\Program Files\Livedrive\Livedrive.Localisation.dll
MOD - [2011/05/03 14:29:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Common.Web.Server\1.0.0.0__c59b718b5ca510a8\Sage.Common.Web.Server.dll
MOD - [2011/05/03 14:29:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server.Model\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.Model.dll
MOD - [2011/05/03 14:29:52 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server.Feeds\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.Feeds.dll
MOD - [2011/05/03 14:29:51 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Common.Syndication\1.0.0.0__c59b718b5ca510a8\Sage.Common.Syndication.dll
MOD - [2011/05/03 14:29:51 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.dll
MOD - [2011/05/03 14:29:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Utilities\1.0.0.0__c59b718b5ca510a8\Sage.Utilities.dll
MOD - [2011/05/03 14:29:51 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Diagnostics\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Diagnostics.dll
MOD - [2011/04/08 09:34:30 | 000,815,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
MOD - [2010/11/10 03:45:18 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2010/10/29 21:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 21:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/06/25 10:22:58 | 000,904,704 | ---- | M] () -- C:\Program Files\Livedrive\System.Data.SQLite.DLL
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/03/21 19:19:50 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/01 13:16:28 | 000,260,608 | ---- | M] () -- C:\Program Files\Livedrive\AlphaFS.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/06/11 23:32:28 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2008/04/14 06:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 06:42:04 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/17 17:43:03 | 001,986,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
MOD - [2008/03/17 17:42:52 | 012,509,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
MOD - [2008/03/17 17:42:41 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
MOD - [2008/03/17 17:42:37 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
MOD - [2008/03/17 17:42:26 | 001,064,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
MOD - [2008/03/17 17:42:18 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
MOD - [2008/03/17 17:42:15 | 000,659,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
MOD - [2008/03/17 17:42:11 | 001,224,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
MOD - [2008/03/17 17:42:06 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
MOD - [2008/03/16 22:40:03 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
MOD - [2008/03/16 22:39:57 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
MOD - [2008/03/16 22:39:45 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
MOD - [2008/03/16 22:39:28 | 007,049,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
MOD - [2008/03/16 22:38:26 | 008,265,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
MOD - [2008/03/16 22:38:11 | 011,722,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
MOD - [2008/03/16 21:48:38 | 000,261,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/03/16 21:48:30 | 003,036,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/07/12 23:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/02/14 06:32:06 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2001/07/31 05:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WudfSvc)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/12/16 20:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/12/16 19:22:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/15 11:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/01/12 13:26:42 | 000,181,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2007/12/12 18:32:20 | 001,253,568 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/12/12 18:31:58 | 000,213,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/03 08:17:05 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/16 13:44:18 | 000,146,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)
DRV - [2009/05/14 15:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/05/14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/04/03 09:18:44 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/07/24 18:46:08 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/10 21:15:40 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2008/04/14 01:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/21 10:08:54 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt9052.sys -- (SQTECH9052)
DRV - [2007/05/18 11:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2006/12/16 16:00:46 | 000,033,280 | ---- | M] (JMicron) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\jahci.sys -- (jahci)
DRV - [2006/11/15 23:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/31 20:10:06 | 000,035,840 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/01/19 12:01:26 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/13 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 22:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 22:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://search.jzip.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..browser.search.order.1: "Search Results"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/03/12 12:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/18 12:59:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/26 21:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/09/07 21:17:33 | 000,000,000 | ---D | M]

[2011/09/21 13:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/05/15 21:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/09/30 23:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\extensions
[2011/04/22 09:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/01/09 23:16:30 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\MyStart Search.xml
[2011/09/21 13:22:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\SearchResults.xml
[2011/04/21 09:46:37 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\SweetIM Search.xml
[2011/09/21 13:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/21 19:12:22 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009/06/17 19:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/03/12 12:04:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2009/05/15 21:45:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/01/12 18:07:00 | 002,633,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2007/03/09 12:35:00 | 000,365,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npupd62.dll
[2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2007/08/06 12:07:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/07/18 14:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2010/01/18 21:33:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/18 21:33:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/18 21:33:22 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/21 13:22:43 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010/01/18 21:33:22 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.406 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
CHR - plugin: WindizUpdate Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npupd62.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to call with Skype = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

O1 HOSTS File: ([2011/09/24 13:32:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Foxit Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\Livedrive\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Foxit Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Livedrive] C:\Program Files\Livedrive\Livedrive.exe (Livedrive Internet Ltd)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: logmein.com ([server00008b-geyzvugtbf.app109] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263078527406 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263078519953 (MUWebControl Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://82.69.87.87/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Key error. (Java Plug-in 1.6.0_11)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://camaras.costablanca.org/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab? (Photo Upload Plugin Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F695B426-E0A0-45EB-911B-CD0CBD4677C0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/27 02:22:03 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 21:39:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/27 21:39:42 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/09/26 21:46:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/26 21:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/09/26 21:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/09/26 21:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/26 21:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/26 21:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/09/24 13:48:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/22 19:19:25 | 001,403,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/09/21 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\jzipband
[2011/09/21 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\AppData
[2011/09/21 13:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/21 13:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows jZip Toolbar
[2011/09/19 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/19 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/18 13:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2011/09/18 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2011/09/18 13:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(2)
[2011/09/18 12:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2011/09/15 08:27:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/12 20:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/12 20:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/12 17:33:55 | 000,425,984 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJ5000MON.dll
[2011/09/12 17:33:55 | 000,131,072 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJCOINST12.dll
[2010/02/09 11:32:16 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[2006/12/12 11:59:08 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSXML2.dll

========== Files - Modified Within 30 Days ==========

[2011/10/01 20:27:08 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1383384898-839522115-1003UA.job
[2011/10/01 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/01 19:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/01 17:42:32 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ASHOME_User.job
[2011/10/01 16:13:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/10/01 15:57:04 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/10/01 15:39:45 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/01 09:37:38 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/01 09:36:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/01 09:35:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/01 09:35:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/30 23:26:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1383384898-839522115-1003Core.job
[2011/09/29 23:18:54 | 000,007,741 | ---- | M] () -- C:\Documents and Settings\User\Desktop\download.jpg
[2011/09/27 21:39:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/09/26 21:15:16 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/26 21:11:27 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/26 21:09:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/26 20:29:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VT Final Accounts Help Topics.lnk
[2011/09/26 20:29:37 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VT Fact Viewer.lnk
[2011/09/26 20:29:37 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VT Transaction+.lnk
[2011/09/26 20:29:37 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VT Cash Book.lnk
[2011/09/26 20:27:34 | 000,360,448 | ---- | M] (VT Software Limited) -- C:\WINDOWS\Setup1.exe
[2011/09/26 20:27:33 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2011/09/26 20:00:53 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2011/09/25 21:19:00 | 000,002,524 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2011/09/25 21:19:00 | 000,000,135 | ---- | M] () -- C:\WINDOWS\System32\SageInformer50.ssf
[2011/09/25 21:03:25 | 000,002,826 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2011/09/25 21:02:51 | 000,000,432 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/09/25 21:02:50 | 000,004,785 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/25 20:44:00 | 000,013,150 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Elms 2915 - 010811.pdf
[2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/09/24 13:32:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/21 18:39:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2011/09/20 08:54:14 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/09/19 18:34:59 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Payroll Manager.lnk
[2011/09/13 19:00:13 | 000,003,766 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/12 17:37:58 | 000,001,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk

oldman960
2011-10-03, 02:40
========== Files Created - No Company Name ==========

[2011/09/26 21:15:16 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/26 21:11:27 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/26 20:29:37 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VT Final Accounts Help Topics.lnk
[2011/09/26 20:29:37 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VT Fact Viewer.lnk
[2011/09/26 20:29:37 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VT Transaction+.lnk
[2011/09/26 20:29:37 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VT Cash Book.lnk
[2011/09/25 20:44:00 | 000,013,150 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Elms 2915 - 010811.pdf
[2011/09/25 12:55:57 | 000,007,741 | ---- | C] () -- C:\Documents and Settings\User\Desktop\download.jpg
[2011/09/21 18:39:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2011/09/17 18:12:29 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Windows Live Messenger.lnk
[2011/09/15 08:27:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/15 08:27:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/12 17:37:58 | 000,001,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2011/01/15 13:11:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\MSCalc.ini
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/09/19 21:28:16 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/16 12:27:02 | 000,002,226 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2010/06/08 21:08:42 | 000,113,864 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[2010/06/08 21:08:41 | 000,324,296 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2010/06/02 21:14:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7ED873D347.sys
[2010/06/02 20:58:53 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/26 09:55:34 | 000,015,028 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\rQVN4I4g
[2010/02/09 11:33:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2010/02/09 11:33:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2010/01/21 20:35:37 | 000,000,226 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/20 18:43:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2010/01/20 18:43:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2009/12/24 12:11:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/12/24 12:11:04 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/12/24 12:11:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/12/24 12:10:58 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/12/24 12:10:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/12/24 12:10:52 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/12/24 12:10:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/12/24 12:10:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/12/24 12:10:34 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/12/24 12:10:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/12/24 12:09:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2009/12/24 12:09:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2009/12/24 12:09:44 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/09/23 13:04:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/09/23 13:03:53 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2009/09/23 13:03:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2009/07/27 15:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2009/07/08 21:54:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/05/21 21:20:54 | 000,000,077 | ---- | C] () -- C:\WINDOWS\fsp.bin
[2009/05/21 21:19:11 | 000,003,258 | ---- | C] () -- C:\WINDOWS\forbes.ini
[2009/05/15 08:16:58 | 000,000,134 | ---- | C] () -- C:\WINDOWS\OM6R.INI
[2009/05/03 22:24:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/03 22:24:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/03 22:24:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/06 21:07:10 | 000,000,194 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2009/04/06 21:06:25 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\Flp32b20.dll
[2009/03/14 18:22:20 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/03/01 20:26:31 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/02/15 21:23:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2009/02/15 21:23:54 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2009/02/15 21:23:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/02/15 21:23:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2009/01/24 14:50:33 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/01 15:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2008/12/01 15:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2008/12/01 15:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2008/12/01 15:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2008/12/01 15:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2008/12/01 15:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2008/12/01 15:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2008/09/18 16:30:48 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\User\Application Data\WavCodec.wff
[2008/06/10 21:15:40 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/16 21:50:21 | 000,480,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/02/01 19:03:48 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/31 20:45:04 | 000,000,432 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/27 02:44:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2008/01/20 12:30:46 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/01/12 13:27:53 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/03 23:30:08 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/03 22:00:05 | 000,001,679 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/03 21:59:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/12 10:19:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/02/14 06:32:06 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/02/14 06:32:06 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/02/14 06:32:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/02/14 06:32:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/02/14 06:32:04 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/02/14 06:32:04 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/02/14 06:32:04 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/02/14 06:32:04 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/14 06:32:02 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/02/14 06:32:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/14 06:32:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/11/23 15:41:30 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2006/11/23 15:41:28 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/11/23 15:41:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2006/11/01 16:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 16:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/11/01 15:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2005/08/23 14:12:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2005/08/22 09:32:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE
[2005/06/03 09:06:04 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeConfig.dll
[2004/08/04 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 22:00:00 | 000,547,726 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 22:00:00 | 000,098,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 22:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2004/08/04 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 02:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2002/01/01 05:57:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2002/01/01 01:20:00 | 000,004,785 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/01/01 01:13:50 | 000,434,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/12/31 18:42:13 | 000,011,649 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2001/12/31 18:40:21 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2001/12/31 18:36:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2001/12/31 18:36:31 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2001/12/31 18:32:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2001/12/31 18:26:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/12/31 18:25:30 | 000,121,089 | ---- | C] () -- C:\WINDOWS\System32\vsdrv.exe
[2001/08/23 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 22:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/31 05:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMailRL.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMail3FL.SYS
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\rlfnlf.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\flfnlf.sys
[1996/01/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\wfph.dat

========== LOP Check ==========

[2011/09/21 21:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/06/05 16:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTBA
[2009/08/26 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTCSoftware
[2010/06/08 21:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Btrieve
[2008/02/01 19:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/05/09 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2001/12/31 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/09 23:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/01/09 23:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/02/07 18:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallEngine
[2011/02/11 18:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010/05/09 20:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/10/01 09:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/03/07 10:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/05 16:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2008/08/25 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/01/27 12:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/08/25 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2008/01/07 19:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PY_Software
[2010/01/10 18:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/03/04 15:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/03/26 11:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/05/03 14:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/01/03 14:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/24 14:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/27 02:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/09/19 21:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/08/25 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2009/09/24 17:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/05 07:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/09/26 20:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VT Accounts
[2009/01/13 22:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VT Transaction
[2011/01/30 20:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2002/01/01 05:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/27 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 14:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/31 15:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/30 20:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Autodesk
[2011/08/19 21:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2008/07/16 17:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent(2)
[2008/01/12 22:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Blackberry Desktop
[2011/02/11 18:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\bppenu11
[2011/06/17 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BTCSoftware
[2010/08/14 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BulkSMS Messenger
[2009/07/02 15:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bullzip
[2009/12/05 16:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Downloaded Installations
[2001/12/31 18:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ESET
[2011/07/29 11:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EuroTalk
[2011/08/19 21:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2010/06/02 12:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FinalMediaPlayer
[2009/09/04 07:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2009/11/17 20:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GrabPro
[2008/03/23 21:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2011/09/21 18:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\jzipband
[2011/07/10 18:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/12/05 19:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2011/06/28 18:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Livedrive Internet Limited
[2008/09/18 16:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2008/01/12 12:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Netscape
[2009/12/16 16:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nitro PDF
[2011/05/21 08:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OfficeRecovery
[2010/05/09 21:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2010/10/08 13:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Orbit
[2008/05/07 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\orderTalk
[2008/01/12 13:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Photodex
[2008/01/12 22:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2010/12/18 20:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScanSoft
[2011/04/08 09:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Temp
[2008/07/05 13:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TomTom
[2009/05/11 22:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer
[2010/02/26 13:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VT Accounts
[2010/12/29 20:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2010/09/22 09:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2010/12/19 13:51:15 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2010/03/07 10:58:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job
[2010/12/19 13:51:15 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2010/01/29 11:19:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job
[2011/10/01 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/10/01 17:42:32 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ASHOME_User.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6107F428

< End of report >

oldman960
2011-10-03, 03:03
Hi arash,

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://search.jzip.com/"
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
[2011/09/21 13:22:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\SearchResults.xml
[2011/09/21 13:22:43 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2010/02/26 09:55:34 | 000,015,028 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\rQVN4I4g

:Commands
[createrestorepoint]
[emptytemp]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Are your homepage and search ok now?

Thanks

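The fix above removes the hijacked Firefox search and homepage preferences by key. As an added illustration (not code from this thread, from OTL or from the helper), the following Python script parses a constructed prefs.js, flags the watched keys whose values match the indicators named in the fix (the "Search Results" engine, the search-results.com keyword URL, the jzip homepage and the listed extension GUID), and writes the file back without those lines so Firefox falls back to its built-in defaults. The sample file, the watched-key list and the indicator list are assumptions made for the example; a real check would run it against the profile's own prefs.js with Firefox closed.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample prefs.js content modelled on the entries the OTL fix in
# this thread reset; it is not a file taken from the affected machine.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.selectedEngine", "Search Results");
user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.startup.homepage", "http://search.jzip.com/");
user_pref("extensions.enabledItems", "{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0");
user_pref("browser.startup.page", 1);
user_pref("network.cookie.cookieBehavior", 0);
'''

# Preference keys a browser hijacker typically rewrites (assumed list, matching
# the keys the fix above touched).
WATCHED_KEYS = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "extensions.enabledItems",
)
WATCHED_PREFIXES = ("browser.search.order.",)

# Indicator strings taken from the entries in this thread; compared
# case-insensitively against the preference value.
INDICATORS = (
    "search results",
    "search-results.com",
    "jzip",
    "8A9386B4-E958-4c4c-ADF4-8F26DB3E4829",
)

# One user_pref("key", value); line. Values may be quoted strings, ints or bools.
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {key: value} for every user_pref() line; comments are skipped."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2)
        # Strip the quotes from string values; leave ints and bools as written.
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        prefs[key] = raw
    return prefs


def _is_watched(key: str) -> bool:
    return key in WATCHED_KEYS or key.startswith(WATCHED_PREFIXES)


def audit_prefs(prefs: Dict[str, str]) -> List[Tuple[str, str]]:
    """List (key, value) pairs among the watched keys whose value matches an indicator."""
    findings = []
    for key, value in prefs.items():
        if _is_watched(key) and any(ind.lower() in value.lower() for ind in INDICATORS):
            findings.append((key, value))
    return findings


def remove_flagged(text: str, flagged_keys: Iterable[str]) -> str:
    """Return the prefs.js text with the flagged user_pref lines dropped.

    Dropping a key makes Firefox fall back to its built-in default, which is
    what the OTL "removed from" lines in the fix log report."""
    drop = set(flagged_keys)
    kept = []
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m and m.group(1) in drop:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    found = audit_prefs(parse_prefs(SAMPLE_PREFS_JS))
    for key, value in found:
        print(f"flagged {key} = {value}")
    print(remove_flagged(SAMPLE_PREFS_JS, (k for k, _ in found)))
```

Running it flags the six hijacked keys and leaves the two unrelated preferences (browser.startup.page and network.cookie.cookieBehavior) untouched. Extension removal is not something a prefs.js edit accomplishes on its own; the extension files under the profile still have to go, which is why the fix above also lists the searchplugins XML files.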
arash
2011-10-03, 22:34
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=" removed from keyword.URL
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "http://search.jzip.com/" removed from browser.startup.homepage
Prefs.js: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 removed from extensions.enabledItems
File C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pjp1dlwi.default\searchplugins\SearchResults.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
File C:\Documents and Settings\User\Local Settings\Application Data\rQVN4I4g not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: parisaparadis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: User
->Temp folder emptied: 136958573 bytes
->Temporary Internet Files folder emptied: 29093968 bytes
->Java cache emptied: 224331 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 18419440 bytes
->Flash cache emptied: 1176 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 7351966 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 29687 bytes

Total Files Cleaned = 183.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10032011_202001

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

oldman960
2011-10-04, 00:54
Hi arash,

How's the computer?

arash
2011-10-05, 10:06
All seems ok

Thanks so much for your help

regards

arash

oldman960
2011-10-06, 03:44
Hi arash,

Let's clean up some remnants and run a couple of scans to look for stragglers.

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Services

:Files
C:\Program Files\Windows jZip Toolbar
C:\Program Files\Windows jZip
C:\Documents and Settings\User\Application Data\jzipband



Then click the Run Fix button at the top
Let the program run unhindered
Please save the log
Please post the OTL fix log in your next reply.



You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Please run the F-Secure Online Scanner (http://www.f-secure.com/en/web/home_global/protection/free-online-tools/free-online-tools) from F-Secure.

At the bottom of the webpage, read and agree to the license terms and click run check. Be sure to run the Online Scanner and not the Health Check!
If prompted, give the java plug-in permission to run.
Select Quick Scan when prompted, and then click on Scan.
Once the scan is finished, tick off Automatically and Send the Files to F-Secure.
After clicking on next, click on Full Report. A log should appear in your internet browser. Copy that information and post it here.


Please post back with
OTL fix log
MBAM log
F-Secure log
Thanks

arash
2011-10-11, 22:46
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Program Files\Windows jZip Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows jZip Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows jZip Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows jZip Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows jZip Toolbar folder moved successfully.
File\Folder C:\Program Files\Windows jZip not found.
C:\Documents and Settings\User\Application Data\jzipband folder moved successfully.

OTL by OldTimer - Version 3.2.29.1 log created on 10112011_204524

Edit
http://forums.spybot.info/showthread.php?p=369992#post369992

oldman960
2011-10-12, 17:56
Hi arash,

How are you making out with the rest? How's the computer?

oldman960
2011-10-20, 01:14
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.