
Thread: Case of "IDP.Trojan.1C8D1A13 and Crypt.AQLW"

  1. #11
    Junior Member
    Join Date
    Apr 2012
    Posts
    22


    Sure did!

    What now?

  2. #12
    Security Expert-Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Run a new scan with OTL and post that so we can see how the fix went.

  3. #13
    Junior Member
    Join Date
    Apr 2012
    Posts
    22


    Here you go.

    OTL logfile created on: 4/11/2012 4:07:44 PM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Belle\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.21% Memory free
    6.22 Gb Paging File | 4.97 Gb Available in Paging File | 79.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 280.06 Gb Total Space | 188.57 Gb Free Space | 67.33% Space Free | Partition Type: NTFS

    Computer Name: MAEIR_NEW | User Name: Belle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Belle\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
    PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    PRC - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
    PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
    MOD - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    MOD - C:\Windows\System32\IcnOvrly.dll ()
    MOD - C:\Program Files\Lenovo\VeriFaceIII\Time.dll ()
    MOD - C:\Program Files\Lenovo\Healthcare\Health.dll ()
    MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
    MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (ZTEusbser6k) -- %systemroot%\system32\RioS30.dll File not found
    SRV - (z525mgmt) -- %systemroot%\system32\sdhelper.dll File not found
    SRV - (Xponaut_WBD) -- %systemroot%\system32\lvusbsta.dll File not found
    SRV - (Winmgmt) -- %SystemRoot%\system32\wbem\WMIsvc.dllHttpAutoProxySvc\Parameters File not found
    SRV - (wdelmgr20) -- %systemroot%\system32\cccredmgr.dll File not found
    SRV - (wceusbsh) -- %systemroot%\system32\PNDIS5.dll File not found
    SRV - (w800obex) -- %systemroot%\system32\eamon.dll File not found
    SRV - (VX1000) -- %systemroot%\system32\dphost.dll File not found
    SRV - (vrservice) -- %systemroot%\system32\PGPdisk.dll File not found
    SRV - (vetfddnt) -- %systemroot%\system32\ICAM3NT5.dll File not found
    SRV - (VAIOMediaPlatform-MusicServer-HTTP) -- %systemroot%\system32\fsaua.dll File not found
    SRV - (USRpdA) -- %systemroot%\system32\qhwscsvc.dll File not found
    SRV - (ups) -- %systemroot%\system32\cccredmgr.dll File not found
    SRV - (UMAXPCLS) -- %systemroot%\system32\npkcusb.dll File not found
    SRV - (UBHelper) -- %systemroot%\system32\p3.dll File not found
    SRV - (THREADORDER) -- %SystemRoot%\system32\mmcss.dlll File not found
    SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe File not found
    SRV - (symmpi) -- %systemroot%\system32\sansaservice.dll File not found
    SRV - (SrvcSSIOMngr) -- %systemroot%\system32\btwaudio.dll File not found
    SRV - (srescan) -- %systemroot%\system32\tabletservice.dll File not found
    SRV - (SndTDriverV32) -- %systemroot%\system32\gagp30kx.dll File not found
    SRV - (SiS7018) -- %systemroot%\system32\i8042prt.dll File not found
    SRV - (ShellHWDetection) -- %SystemRoot%\System32\shsvcs.dlls\ShellHWDetection\Parameters File not found
    SRV - (sfhlp02) -- %systemroot%\system32\idechndr.dll File not found
    SRV - (serialkeys) -- %systemroot%\system32\USBCamera.dll File not found
    SRV - (ser2plms) -- %systemroot%\system32\s116mdfl.dll File not found
    SRV - (SE2Emdfl) -- %systemroot%\system32\avsvcmonitor.dll File not found
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (retrolauncher) -- %systemroot%\system32\AYDrvNT_ALYAC.dll File not found
    SRV - (regmanserv) -- %systemroot%\system32\NuidFltr.dll File not found
    SRV - (QWAVE) -- %windir%\system32\qwave.dlldc.exe File not found
    SRV - (PTDCMdm) -- %systemroot%\system32\ctxcpusched.dll File not found
    SRV - (phc600) -- %systemroot%\system32\SaiH040B.dll File not found
    SRV - (pelusblf) -- %systemroot%\system32\Wpsnuio.dll File not found
    SRV - (patrol_scheduler) -- %systemroot%\system32\mscsptisrv.dll File not found
    SRV - (NxSysMon) -- %systemroot%\system32\atkkeyboardservice.dll File not found
    SRV - (NWADI) -- %systemroot%\system32\SE2Dmgmt.dll File not found
    SRV - (ntrtscan) -- %systemroot%\system32\client32.dll File not found
    SRV - (MRESP50a64) -- %systemroot%\system32\RVIEG01.dll File not found
    SRV - (MRESP50) -- %systemroot%\system32\savscan.dll File not found
    SRV - (mcdbus) -- %systemroot%\system32\pop3d32.dll File not found
    SRV - (LVRS) -- %systemroot%\system32\se58mdm.dll File not found
    SRV - (lvhidsvc) -- %systemroot%\system32\WinVd32.dll File not found
    SRV - (iwebcal) -- %systemroot%\system32\MSMQ.dll File not found
    SRV - (ICAM5USB) -- %systemroot%\system32\commserver.dll File not found
    SRV - (gtndis5) -- %systemroot%\system32\aspi32.dll File not found
    SRV - (GTF32BUS) -- %systemroot%\system32\lvmvdrv.dll File not found
    SRV - (GT890x) -- %systemroot%\system32\Intels51.dll File not found
    SRV - (FVNETusb) -- %systemroot%\system32\LC7981.dll File not found
    SRV - (fsma) -- %systemroot%\system32\T6963C.dll File not found
    SRV - (Evian) -- %systemroot%\system32\nim32.dll File not found
    SRV - (emu10k1) -- %systemroot%\system32\se59unic.dll File not found
    SRV - (EACSys) -- %systemroot%\system32\se58nd5.dll File not found
    SRV - (DynDNS_Updater_Service) -- %systemroot%\system32\MSFWHLPR.dll File not found
    SRV - (dladresm) -- %systemroot%\system32\qfcoresvc.dll File not found
    SRV - (DivisCTS) -- %systemroot%\system32\mqdmmdfl.dll File not found
    SRV - (dashsvc) -- %systemroot%\system32\avg7alrt.dll File not found
    SRV - (cypresslink) -- %systemroot%\system32\pdiddcci.dll File not found
    SRV - (ctljystk) -- %systemroot%\system32\fips.dll File not found
    SRV - (cqmgserv) -- %systemroot%\system32\PdiPorts.dll File not found
    SRV - (cqcpu) -- %systemroot%\system32\btserial.dll File not found
    SRV - (cdrbsdrv) -- %systemroot%\system32\slave.dll File not found
    SRV - (cachemgr) -- %systemroot%\system32\BCM43XV.dll File not found
    SRV - (ATIVXSTW) -- %systemroot%\system32\omsad.dll File not found
    SRV - (arcltsrv) -- %systemroot%\system32\EACSvrMngr.dll File not found
    SRV - (agnwifi) -- %systemroot%\system32\contentfilter.dll File not found
    SRV - (a016mdm) -- %systemroot%\system32\ikfilesec.dll File not found
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (OKAV Agent Service) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
    SRV - (WINDEFEND) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (catchme) -- C:\Users\Belle\AppData\Local\Temp\catchme.sys File not found
    DRV - (BVRPMPR5) -- C:\Windows\system32\drivers\BVRPMPR5.SYS File not found
    DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
    DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
    DRV - (WinI2C-DDC) -- C:\Windows\System32\drivers\ddcdrv.sys (Nicomsoft Ltd.)
    DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys ()
    DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
    DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{20CB2A00-D282-4C69-B6AF-07FE9F69B835}: "URL" = http://www.ant.com/search?s=browser&q={searchTerms}
    IE - HKCU\..\SearchScopes\{5D395B13-5CD2-4BF8-A77B-D8A043EE7C35}: "URL" = http://search.avg.com/route/?d=4cdf1a31&v=6.10.23.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
    IE - HKCU\..\SearchScopes\{F210D498-6131-45D7-91C7-F82B692C7552}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Belle\Program Files\DNA\plugins\npbtdna.dll File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:54:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/06 23:05:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 09:12:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Belle\Program Files\DNA
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]

    [2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shuki\AppData\Roaming\Mozilla\Extensions
    [2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2012/04/09 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions
    [2012/03/06 23:45:23 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions\anttoolbar@ant.com
    [2012/04/01 11:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/01 11:33:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/03/06 23:05:29 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/04/09 12:42:11 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\BELLE\APPDATA\ROAMING\IDM\IDMMZCC5
    () (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
    () (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
    [2012/03/19 09:12:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    Hosts file not found
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Unattend0000000001{630DEC53-CECA-49A3-896C-B064A4DC05AA}] C:\Windows\test.bat File not found
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Co...erAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.3.0)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A783B15E-6FC6-407F-A9B9-EA185603CF5E}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/11 00:41:38 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\Unity
    [2012/04/10 22:37:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/04/10 21:12:24 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\temp
    [2012/04/10 21:12:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/10 20:36:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/10 20:36:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/10 20:36:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/10 20:36:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/10 20:36:38 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/04/10 20:30:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/10 20:25:48 | 004,455,939 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\ComboFix.exe
    [2012/04/10 15:24:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
    [2012/04/09 17:57:01 | 000,000,000 | ---D | C] -- C:\ERDNT
    [2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/04/09 17:55:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
    [2012/04/09 16:55:40 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2012/04/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
    [2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\IDM
    [2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\DMCache
    [2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2012/04/09 12:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
    [2012/04/09 12:40:46 | 004,489,152 | ---- | C] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
    [2012/04/09 11:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
    [2012/04/09 11:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/04/09 11:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
    [2012/04/09 11:07:03 | 000,000,000 | ---D | C] -- C:\codec-info
    [2012/04/09 11:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/04/04 13:13:38 | 000,023,376 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
    [2012/04/04 13:13:26 | 000,546,640 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
    [2012/04/04 13:13:22 | 000,481,104 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
    [2012/04/02 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\Belle\Documents\NetBeansProjects
    [2012/04/02 17:22:19 | 000,000,000 | ---D | C] -- C:\Users\Belle\.m2
    [2012/04/02 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Belle\.netbeans
    [2012/04/02 17:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
    [2012/04/02 17:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.1.1
    [2012/04/02 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/04/02 17:05:57 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012/04/02 17:05:57 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/04/02 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\.nbi
    [2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/04/01 04:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
    [2012/03/29 22:20:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Malwarebytes
    [2012/03/29 22:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/29 22:20:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/29 16:36:48 | 000,072,080 | ---- | C] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
    [2012/03/16 07:08:36 | 000,091,936 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
    [2012/03/15 08:17:39 | 000,000,000 | ---D | C] -- C:\Users\Belle\Desktop\Agile

    ========== Files - Modified Within 30 Days ==========

    [2012/04/11 16:10:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B4A8E5D0-2834-4498-8E6B-E9DD1D4D46E4}.job
    [2012/04/11 16:07:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7B6FDF8-737B-4CD3-AC18-9B0AFF415412}.job
    [2012/04/11 16:00:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
    [2012/04/11 15:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005UA.job
    [2012/04/11 15:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/11 15:08:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/11 15:08:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/11 14:04:31 | 000,000,680 | ---- | M] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
    [2012/04/11 12:26:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/11 11:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005Core.job
    [2012/04/11 11:08:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/11 10:53:31 | 000,056,320 | ---- | M] () -- C:\Users\Belle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/11 10:25:12 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/04/11 08:48:15 | 094,521,641 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/04/10 23:22:04 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2012/04/10 23:22:04 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2012/04/10 23:21:46 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2012/04/10 20:26:02 | 004,455,939 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\ComboFix.exe
    [2012/04/10 17:49:12 | 000,355,579 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/04/10 16:38:26 | 000,741,758 | ---- | M] () -- C:\Users\Belle\Desktop\Tuvya Maeir Health Form.pdf
    [2012/04/10 16:03:34 | 000,000,512 | ---- | M] () -- C:\Users\Belle\Documents\MBR.dat
    [2012/04/10 15:33:25 | 000,749,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/10 15:33:25 | 000,159,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/10 15:24:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
    [2012/04/09 17:56:31 | 000,000,714 | ---- | M] () -- C:\Users\Belle\Desktop\ERUNT.lnk
    [2012/04/09 17:55:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
    [2012/04/09 17:29:10 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2012/04/09 12:40:58 | 004,489,152 | ---- | M] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
    [2012/04/09 11:17:57 | 000,000,237 | ---- | M] () -- C:\user.js
    [2012/04/08 22:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2012/04/05 13:32:52 | 007,131,152 | ---- | M] () -- C:\Users\Belle\Desktop\w_infk15.pdf
    [2012/04/04 13:13:38 | 000,023,376 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
    [2012/04/04 13:13:26 | 000,546,640 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
    [2012/04/04 13:13:22 | 000,481,104 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
    [2012/04/02 17:13:38 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
    [2012/04/02 17:05:11 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012/04/02 17:05:11 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/04/02 17:05:11 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/04/01 11:32:48 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/03/29 22:20:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/29 16:36:48 | 000,072,080 | ---- | M] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
    [2012/03/27 14:51:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/03/22 22:23:52 | 000,027,436 | ---- | M] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
    [2012/03/22 22:23:45 | 000,037,754 | ---- | M] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf

    ========== Files Created - No Company Name ==========

    [2012/04/10 20:36:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/10 20:36:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/10 20:36:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/10 20:36:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/10 20:36:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/10 16:38:26 | 000,741,758 | ---- | C] () -- C:\Users\Belle\Desktop\Tuvya Maeir Health Form.pdf
    [2012/04/10 16:03:34 | 000,000,512 | ---- | C] () -- C:\Users\Belle\Documents\MBR.dat
    [2012/04/09 17:56:31 | 000,000,714 | ---- | C] () -- C:\Users\Belle\Desktop\ERUNT.lnk
    [2012/04/09 17:26:31 | 000,000,408 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2012/04/09 11:17:56 | 000,000,237 | ---- | C] () -- C:\user.js
    [2012/04/05 13:32:15 | 007,131,152 | ---- | C] () -- C:\Users\Belle\Desktop\w_infk15.pdf
    [2012/04/02 17:13:38 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
    [2012/03/29 22:20:02 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/22 22:23:52 | 000,027,436 | ---- | C] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
    [2012/03/22 22:23:45 | 000,037,754 | ---- | C] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf
    [2012/02/02 11:06:21 | 000,000,680 | ---- | C] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
    [2011/09/18 11:28:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2011/04/23 20:20:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/23 20:20:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2010/09/22 07:51:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    < End of report >

  4. #14
    Security Expert-Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Malwarebytes

    I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
    ----------

    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on:
    • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
    ----------

    In your next reply please post the logs made by Malwarebytes and ESET online scanner.

  5. #15
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    First part:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.09.06

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Belle :: MAEIR_NEW [administrator]

    4/12/2012 10:09:02 AM
    mbam-log-2012-04-12 (10-09-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238332
    Time elapsed: 5 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  6. #16
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    Quote Originally Posted by jmaeir
    First part:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.09.06
    (end)

    IGNORE - forgot to update, doing that now

  7. #17
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=6d52e5210fe6144691d196158079cf01
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-04-12 08:33:33
    # local_time=2012-04-12 04:33:33 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6001 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 99433848 99433848 0 0
    # compatibility_mode=1032 16777213 100 96 0 77310385 0 0
    # compatibility_mode=5892 16776574 100 100 43771722 170861769 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=313129
    # found=3
    # cleaned=0
    # scan_time=8572
    C:\Qoobox\Quarantine\C\Windows\System32\helpsvc.dll.vir Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Windows\System32\drivers\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

  8. #18
    Security Expert-Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Right-click and Run as Administrator SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *netbt.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  9. #19
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.12.08

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Belle :: MAEIR_NEW [administrator]

    4/12/2012 5:25:15 PM
    mbam-log-2012-04-12 (17-25-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 240766
    Time elapsed: 5 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  10. #20
    Junior Member
    Join Date
    Apr 2012
    Posts
    22

    Default

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:52 on 12/04/2012 by Belle
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*netbt.sys"
    C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [11:28 24/09/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
    C:\Windows\System32\drivers\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8

    -= EOF =-
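The comparison the helper is making by eye in the two posts above (the `:filefind *netbt.sys` request and its result), as an added example that is not part of the thread and not SystemLook's own code: a small Python parser for SystemLook's `:filefind` result lines that checks whether the live driver under System32\drivers is identical (same size and MD5) to its winsxs component-store copy, and lists any Windows Update staging copies with their build number. The three sample lines are the ones from the SystemLook log above; the function names and the "live/winsxs/update_cache" labels are my own.

```python
import re
from collections import defaultdict

# One SystemLook ":filefind" result line: path, attribute flags, size, [modified], [created], MD5, e.g.
#   C:\Windows\System32\drivers\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8
FILEFIND_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Build number embedded in a component-store folder name, e.g. ..._6.0.6001.18000_none_...
VERSION_IN_NAME = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")

# The three result lines from the SystemLook log in the post above (page data, not constructed).
# Raw string: otherwise Python would read the x86_... folder name as a \x86 escape.
SAMPLE_LOG = r"""
Searching for "*netbt.sys"
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [11:28 24/09/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\drivers\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8
"""

def classify_path(path):
    """Which copy of the file this is, judged from where it sits (labels are my own)."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "winsxs"        # component-store copy Windows keeps for servicing
    if "\\softwaredistribution\\download\\" in p:
        return "update_cache"  # staged by Windows Update, often a newer build
    if "\\system32\\drivers\\" in p:
        return "live"          # the copy the kernel actually loads
    return "other"

def parse_filefind(text):
    """One dict per result line; the 'Searching for' header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILEFIND_LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        e["role"] = classify_path(e["path"])
        v = VERSION_IN_NAME.search(e["path"])
        e["version"] = v.group(1) if v else None
        entries.append(e)
    return entries

def compare_live_to_winsxs(entries):
    """Per file name, compare the live driver with its winsxs copies.
    'consistent' means identical size and MD5, the check the helper makes by eye above.
    It is not a clean bill of health: a scanner can flag both copies (as ESET did here),
    and a 'mismatch' is a lead worth chasing rather than a verdict."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    report = {}
    for name, group in by_name.items():
        live = [e for e in group if e["role"] == "live"]
        store = [e for e in group if e["role"] == "winsxs"]
        cache = [e for e in group if e["role"] == "update_cache"]
        if not live:
            report[name] = {"status": "no-live-copy"}
            continue
        live_md5, live_size = live[0]["md5"], live[0]["size"]
        same = [e for e in store if e["md5"] == live_md5 and e["size"] == live_size]
        differ = [e for e in store if e not in same]
        status = "no-winsxs-copy" if not store else ("mismatch" if differ else "consistent")
        report[name] = {"status": status, "live_md5": live_md5, "live_size": live_size,
                        "winsxs_matching": [e["version"] for e in same],
                        "winsxs_mismatching": [e["version"] for e in differ],
                        "update_cache": [(e["version"], e["md5"]) for e in cache]}
    return report
```

On the log above this reports `netbt.sys` as consistent (live driver and winsxs copy both 184320 bytes, same MD5) with one 6.0.6002.18005 update-cache copy, which is exactly what the helper would read off the three lines.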
