Click.GiftLoad problem

alizaidi · Mar 29, 2011

Hi Bottledisk,

I thought it had removed what it found. Perhaps I sent you the wrong file.

Here's the latest scan results after updating the database:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6199

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/03/2011 02:30:20
mbam-log-2011-03-29 (02-30-20).txt

Scan type: Quick scan
Objects scanned: 205547
Time elapsed: 16 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I'll do the AVG and DDS in the morning.

Thanks for your help!

Blottedisk · Mar 29, 2011

Hi Ali,

The TDSSKiller log shows that the TDSS backdoor/rootkit was removed. However these infections are sometimes difficult to fight and they may trick our tools, respawn, etc. Once you have removed quarantined items from AVG's vault, I'll give you fresh instructions to run Combofix.

alizaidi · Mar 29, 2011

Hi Bottledisk,

Here's DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ali at 15:05:54.48 on 29/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1983.528 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ali\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realone player\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - c:\progra~1\wat_en\ACCESS~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDcyMjk3OTMzLUJBKzEtS1YzKzctWEwrMS1UMy1GUDkyKzYtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwQysy"&"prod=90"&"ver=10.0.1204
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRunOnce: [IETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134145454998
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134145446982
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ali\applic~1\mozilla\firefox\profiles\0d8d87zu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?client=firefox-a&rls=org.mozilla:en-GB

fficial&channel=s&hl=en&source=hp&btnG=Google+Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb978e0&v=6.103.018.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\documents and settings\ali\application data\mozilla\firefox\profiles\0d8d87zu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\real\realone player\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\ali\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\ali\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\ali\application data\mozilla\firefox\profiles\0d8d87zu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitDefender QuickScanner: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realone player\browserrecord\firefox\ext
FF - Ext: XULRunner: {2BF1D973-3F0C-4464-8A8B-FC00666D9FD2} - c:\documents and settings\ali\local settings\application data\{2BF1D973-3F0C-4464-8A8B-FC00666D9FD2}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-18 64512]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\23945\RapportCerberus_23945.sys [2011-2-28 55224]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-23 54752]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-6 90112]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-24 583640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-6 27632]
S2 gupdate1c92483d8ac3550;Google Update Service (gupdate1c92483d8ac3550);c:\program files\google\update\GoogleUpdate.exe [2008-10-2 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-3-29 517448]
S3 cpuz;cpuz;\??\f:\qc report ver 3.6\cpuz.sys --> f:\qc report ver 3.6\cpuz.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-11-6 13224]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-16 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-16 15232]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-21 89749]
.
=============== Created Last 30 ================
.
2011-03-29 12:45:34 -------- d-----w- c:\docume~1\ali\applic~1\AVG10
2011-03-29 12:30:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-03-29 12:28:25 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-27 23:09:47 -------- d-----w- c:\docume~1\ali\applic~1\Malwarebytes
2011-03-27 23:09:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-27 23:09:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-27 23:09:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-27 23:09:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 04:25:13 -------- d-----w- C:\_OTM
2011-03-22 15:04:32 -------- d-----w- c:\docume~1\ali\applic~1\AVG
2011-03-18 17:59:48 -------- d-----w- c:\docume~1\ali\locals~1\applic~1\{2BF1D973-3F0C-4464-8A8B-FC00666D9FD2}
2011-03-18 13:59:18 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-18 12:49:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-18 12:41:55 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-03-17 20:27:45 -------- d-----w- c:\docume~1\ali\locals~1\applic~1\Sunbelt Software
2011-03-17 16:34:37 0 ----a-w- c:\windows\Vmeqoqa.bin
.
==================== Find3M ====================
.
.
============= FINISH: 15:08:53.82 ===============

Blottedisk · Mar 29, 2011

Hi Ali,

Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select "Run As Administrator" (Vista-W7).
When prompted to run the scan, click Yes.
A log will open, post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Pleas also advise if the redirection issue is still happening.

alizaidi · Mar 29, 2011

Hi Bottledisk,

I started running GooredFix, but while it was doing it, it seemed to crash. I've tried rebooting and trying it again and the same problem occurs. Here's the Log up until it crashed:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:33 on 29/03/2011 (Ali)
Firefox version 3.6.16 (en-GB)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{2BF1D973-3F0C-4464-8A8B-FC00666D9FD2} -> Success!
Deleting C:\Documents and Settings\Ali\Local Settings\Application Data\{2BF1D973-3F0C-4464-8A8B-FC00666D9FD2} -> Success!

And here's the log when I try to restart it:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:49 on 29/03/2011 (Ali)
Firefox version 3.6.16 (en-GB)

========== GooredScan ==========

As for redirection, it hasn't happened yet (but it wasn't something that happened all the time anyway). So I will keep you posted if it does happen again during the course of the day.

Kind Regards,

Ali

P.S. When do you sleep?!

Blottedisk · Mar 29, 2011

Hi Ali

Apparently GooredFix got it, but as it crashed, I'm not entirely sure. Let's try to run Combofix one more time. Please delete your current version of Combofix and AVG Remover. After that, please run the AVG remover tool from AVG site (download AVG Remover 32bit).

http://www.avg.com/us-en/download-tools

Once AVG is uninstalled, please download Combofix from any of the links below and save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on Combofix.exe & follow the prompts.
When finished, it will produce a report for you.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

alizaidi · Mar 30, 2011

Hi Bottledisk,

As I've just switched on my computer I am getting the following error:

Orb.exe - Bad Image
The application or DLL C:\WINDOWS\system32\lspyda.dll is not a valid Windows image. Please check this against your installation diskette.

Do you wish me to continue following your last instructions regardless?

Kind Regards,

Ali

Blottedisk · Mar 30, 2011

Hi Ali,

Thanks for the message, it would help me identifying the malicious files. Please proceed with the Combofix instructions. When finished, please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

--------------------------------------------------------------------

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
```
:File
C:\WINDOWS\system32\lspyda.dll
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

alizaidi · Mar 30, 2011

Hi Bottledisk,

I started running the AVG remover a few hours ago, and it seems to be still running or frozen.

Should it take this long?

Ali

Blottedisk · Mar 30, 2011

I don't think so.

If you run Combofix now, does the AVG warning pop up?
Can't you just ignore it?

alizaidi · Mar 30, 2011

Hi Bottledisk,

Yes the AVG warning pops up when i run Combofix.

I ran AVG remover once again whilst in safe mode.. think it ran fully this time. I've attached the log.

But still can't run combofix.

Kind Regards,

Ali

Blottedisk · Mar 31, 2011

Hi Ali,

The reason of not being able to run it, is it the AVG warning? If not, the it could be the infection that is preventing this tool from being executed. In case this is the reason, let's do the following:

Please delete your current version of Combofix (right click and send it to the trash). Download a fresh copy from here: http://www.forospyware.com/sUBs/ComboFix.exe

But before saving it to your desktop, rename it as alizaidi.exe. Then proceed with the rest of the instructions.

alizaidi · Mar 31, 2011

Hi Bottledisk,

Combofix doesn't work because of the AVG warning. I tried changing the name and running it but it still comes up with the AVG warning and doesn't give any options to override the warning or ignore it. It just closes itself down.

In the past when I have had this lspyda.dll warning come up before it has been after installing windows updates. When that happened I simply went back to a previous restore point and it resolved itself.

Kind Regards,

Ali

Blottedisk · Mar 31, 2011

Hi Ali,

It's ok. Let's try to remove AVG components from the computer manually.

Please download OTL from one of the following mirrors:

This is THE Mirror

--------------------------------------------------------------------

Save it to your desktop.
Double click on the

icon on your desktop.
Click the "Scan All Users" checkbox.
Push the

button.
Two reports will open, copy and paste them in your next reply:

OTListIt.txt <-- Will be opened
Extras.txt <-- Will be minimized

alizaidi · Mar 31, 2011

Hi Botteldisk,

Here's the OTL:

OTL logfile created on: 31/03/2011 18:45:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ali\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 275.08 Gb Total Space | 9.27 Gb Free Space | 3.37% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 8.64 Gb Free Space | 11.59% Space Free | Partition Type: NTFS

Computer Name: DIGITALZENITH | User Name: Ali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 18:42:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ali\Desktop\OTL.exe
PRC - [2011/03/23 18:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/10/18 16:04:47 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/06/03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/28 19:15:02 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/09/24 15:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/09/11 20:38:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/11/13 10:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/07 21:02:54 | 000,495,616 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe
PRC - [2007/11/02 11:53:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/09/07 15:44:30 | 003,100,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
PRC - [2007/08/26 14:59:42 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/08/02 02:02:12 | 000,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe
PRC - [2007/02/08 17:13:46 | 000,212,480 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/07/07 18:08:36 | 000,487,424 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2005/04/14 21:50:12 | 000,262,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2005/03/23 15:34:50 | 001,630,303 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
PRC - [2005/03/11 12:48:54 | 000,217,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2005/01/14 19:22:52 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/01/14 19:21:46 | 000,110,744 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMService.exe

========== Modules (SafeList) ==========

MOD - [2011/03/31 18:42:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ali\Desktop\OTL.exe
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/16 09:05:29 | 001,405,384 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/11/02 11:53:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/26 14:59:42 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/08 17:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2005/12/11 18:21:25 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

========== Driver Services (SafeList) ==========

DRV - [2011/03/16 09:05:30 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/03/16 09:05:29 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/02/28 21:17:08 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2011/02/21 10:10:19 | 000,018,872 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys -- (RapportIaso)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2009/11/08 12:04:23 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/11/06 19:40:27 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/11/06 19:40:27 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/02/22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2005/10/29 04:12:31 | 001,391,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/13 17:32:00 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/08/26 22:10:20 | 000,108,672 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2005/07/29 10:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 10:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/27 18:48:08 | 000,053,504 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2005/04/06 09:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/03/30 12:42:54 | 000,047,230 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/10/04 10:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/08 17:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2004/02/09 15:27:04 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys -- (SI3114r)
DRV - [2003/11/07 05:00:00 | 000,035,328 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/09 16:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2003/02/12 13:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002/10/16 13:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/webhp?client=firefox-a&rls=org.mozilla:en-GB

fficial&channel=s&hl=en&source=hp&btnG=Google+Search"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d91d101&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realone player\browserrecord\firefox\ext [2009/09/11 20:39:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/11 13:07:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 22:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 22:44:26 | 000,000,000 | ---D | M]

[2008/12/14 19:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ali\Application Data\Mozilla\Extensions
[2011/03/29 16:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\0d8d87zu.default\extensions
[2010/03/21 15:58:21 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\0d8d87zu.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/04/29 12:41:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\0d8d87zu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/20 22:35:23 | 000,000,000 | ---D | M] ("del.icio.us") -- C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\0d8d87zu.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2010/04/29 12:41:48 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\0d8d87zu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/03/29 16:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/11 13:07:35 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/01/06 11:36:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/11 20:39:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALONE PLAYER\BROWSERRECORD\FIREFOX\EXT
[2007/10/07 18:06:26 | 002,323,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
[2010/03/12 10:23:28 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 10:23:28 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 10:23:28 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 10:23:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/19 13:33:55 | 000,439,132 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15115 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realone player\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Accessibility Toolbar) - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Program Files\WAT_EN\Accessibility_Toolbar.dll (NILS Accessible Information Solutions)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007\..\Toolbar\WebBrowser: (&Accessibility Toolbar) - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Program Files\WAT_EN\Accessibility_Toolbar.dll (NILS Accessible Information Solutions)
O3 - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [RemoteControl] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] File not found
O4 - HKU\S-1-5-18..\RunOnce: [IETI] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2083932178-3206288342-1428787073-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\LSPYDA.DLL ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134145454998 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134145446982 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/21 14:08:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6b63dd7-cae6-11de-96e4-0015f2012845}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe
O33 - MountPoints2\{d6b63dd7-cae6-11de-96e4-0015f2012845}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/31 18:42:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ali\Desktop\OTL.exe
[2011/03/29 21:54:01 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Ali\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/29 16:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ali\Desktop\GooredFix Backups
[2011/03/29 16:31:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Ali\Desktop\GooredFix.exe
[2011/03/29 13:14:19 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ali\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/28 00:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ali\Application Data\Malwarebytes
[2011/03/28 00:09:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/28 00:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/28 00:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/28 00:09:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/28 00:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/28 00:06:09 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ali\Desktop\mbam-setup.exe
[2011/03/26 05:25:13 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/26 05:13:02 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ali\Desktop\OTM.exe
[2011/03/26 03:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ali\Desktop\tdsskiller
[2011/03/26 02:01:13 | 006,238,248 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Ali\Desktop\AppRemover.exe
[2011/03/26 00:19:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/25 21:48:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/22 16:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ali\Application Data\AVG
[2011/03/22 15:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/03/21 22:39:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/21 22:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/21 22:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/21 22:35:58 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ali\Desktop\erunt-setup.exe
[2011/03/18 13:49:25 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/03/18 13:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{870E601A-FE70-4098-94B2-6E9963FCAA51}
[2011/03/18 13:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/03/18 13:38:22 | 125,125,640 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Ali\Desktop\Ad-Aware90Install_2011-03-16.exe
[2011/03/17 21:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ali\Local Settings\Application Data\Sunbelt Software
[2011/03/17 18:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/17 17:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/17 17:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/11/06 19:16:37 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe1C4.dll
[2009/11/06 17:57:57 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeC2.dll

========== Files - Modified Within 30 Days ==========

[2011/03/31 18:47:26 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E7768698-0A6D-4F3D-BACA-93519E0D4694}.job
[2011/03/31 18:42:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ali\Desktop\OTL.exe
[2011/03/31 18:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/31 16:09:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/31 13:53:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/31 13:41:51 | 004,310,402 | R--- | M] () -- C:\Documents and Settings\Ali\Desktop\alizaidi.exe
[2011/03/31 13:28:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/31 13:28:54 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/03/31 13:16:06 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\VJQS.job
[2011/03/31 13:16:06 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\pjoqjlguk.job
[2011/03/31 13:15:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 13:15:46 | 2079,707,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/30 23:47:09 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/03/30 23:44:17 | 000,041,529 | ---- | M] () -- C:\Documents and Settings\Ali\Desktop\avgremover.zip
[2011/03/30 19:37:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ali\Local Settings\Application Data\prvlcl.dat
[2011/03/30 19:19:20 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\LSPYDA.DLL
[2011/03/29 21:54:02 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Ali\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/29 16:31:29 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Ali\Desktop\GooredFix.exe
[2011/03/29 13:14:21 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ali\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/28 13:34:30 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2011/03/28 13:07:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/28 00:09:41 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 00:06:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ali\Desktop\mbam-setup.exe
[2011/03/27 11:11:15 | 000,621,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 11:11:14 | 000,142,502 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 05:13:04 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ali\Desktop\OTM.exe
[2011/03/26 05:11:18 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Ali\Desktop\SystemLook.exe
[2011/03/26 04:11:08 | 000,101,914 | ---- | M] () -- C:\Documents and Settings\Ali\Desktop\gmer.zip
[2011/03/26 03:01:47 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Ali\Desktop\tdsskiller.zip
[2011/03/26 02:01:26 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Ali\Desktop\AppRemover.exe
[2011/03/26 01:34:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/23 23:19:17 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Ali\Desktop\oyhmucpo.exe
[2011/03/22 15:55:11 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Ali\Desktop\AVG PC Tuneup 2011.lnk
[2011/03/21 22:38:45 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Ali\Desktop\ERUNT.lnk
[2011/03/21 22:32:24 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Ali\Desktop\dds.com
[2011/03/21 22:31:50 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ali\Desktop\erunt-setup.exe
[2011/03/21 18:18:02 | 000,227,328 | ---- | M] () -- C:\Documents and Settings\Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/19 13:33:55 | 000,439,132 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/18 19:42:18 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/18 18:59:51 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Njaxi.dat
[2011/03/18 18:59:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vmeqoqa.bin
[2011/03/18 13:41:53 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/18 13:41:53 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/03/18 13:38:36 | 125,125,640 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Ali\Desktop\Ad-Aware90Install_2011-03-16.exe
[2011/03/17 21:38:07 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/16 09:05:30 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/03/16 09:05:29 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/09 16:30:21 | 000,000,321 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2011/03/08 23:31:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/03/31 13:41:33 | 004,310,402 | R--- | C] () -- C:\Documents and Settings\Ali\Desktop\alizaidi.exe
[2011/03/30 23:49:43 | 2079,707,136 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/30 23:44:17 | 000,041,529 | ---- | C] () -- C:\Documents and Settings\Ali\Desktop\avgremover.zip
[2011/03/30 19:19:20 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\LSPYDA.DLL
[2011/03/28 00:09:41 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/26 05:11:17 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Ali\Desktop\SystemLook.exe
[2011/03/26 03:01:44 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Ali\Desktop\tdsskiller.zip
[2011/03/26 00:30:42 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
[2011/03/25 21:59:39 | 000,101,914 | ---- | C] () -- C:\Documents and Settings\Ali\Desktop\gmer.zip
[2011/03/23 23:19:16 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Ali\Desktop\oyhmucpo.exe
[2011/03/22 15:55:11 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Ali\Desktop\AVG PC Tuneup 2011.lnk
[2011/03/21 22:41:04 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Ali\Desktop\dds.com
[2011/03/21 22:38:45 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Ali\Desktop\ERUNT.lnk
[2011/03/18 14:59:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/18 13:41:53 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/18 13:41:53 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/03/17 17:51:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/17 17:34:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Njaxi.dat
[2011/03/17 17:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vmeqoqa.bin
[2011/03/17 17:31:13 | 000,000,318 | -HS- | C] () -- C:\WINDOWS\tasks\VJQS.job
[2011/03/17 17:31:13 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\pjoqjlguk.job
[2011/02/25 14:47:07 | 000,000,321 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2010/10/24 16:59:59 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/06/18 19:10:45 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 13:05:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ali\Local Settings\Application Data\prvlcl.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/15 13:17:44 | 000,000,154 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/06 11:35:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/03/23 09:28:04 | 000,222,792 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/02/24 23:22:42 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2008/02/11 01:33:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/10/15 21:10:52 | 000,000,805 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/10/08 12:30:19 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\MP4 to AVI WMV DVD Converter&Burner_sysquict.dat
[2007/10/07 18:06:26 | 002,323,952 | ---- | C] () -- C:\WINDOWS\npdbplug.dll
[2007/10/07 18:06:26 | 000,973,280 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2007/10/07 18:06:26 | 000,274,480 | ---- | C] () -- C:\WINDOWS\System32\dbxDgrevCheck.dll
[2007/10/07 18:06:26 | 000,172,112 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2007/08/29 17:18:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTRDF14N.INI
[2007/08/29 17:14:40 | 000,000,042 | ---- | C] () -- C:\WINDOWS\PCSPATS.DAT
[2007/08/12 16:53:35 | 000,000,066 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI
[2007/08/08 18:03:04 | 000,000,047 | ---- | C] () -- C:\WINDOWS\bsm.ini
[2007/06/06 17:06:54 | 000,443,368 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/12/07 12:46:21 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\$_hpcst$.hpc
[2006/11/13 14:26:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/11/06 01:25:16 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Ali\Application Data\$_hpcst$.hpc
[2006/07/15 23:22:57 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/07/15 20:53:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/04/06 01:02:35 | 000,000,905 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/24 00:48:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ali\Application Data\wklnhst.dat
[2005/12/11 12:14:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/11 02:14:56 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/11 02:14:36 | 000,002,925 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/10 18:44:14 | 000,227,328 | ---- | C] () -- C:\Documents and Settings\Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/08 16:26:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Ali\Local Settings\Application Data\fusioncache.dat
[2005/12/06 15:35:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/06 14:02:16 | 000,000,278 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2005/12/06 10:29:27 | 000,000,150 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2005/12/06 10:29:08 | 000,019,280 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/12/06 10:29:06 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/12/06 02:08:26 | 000,110,293 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/05 18:20:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/05 18:12:30 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2004/12/02 15:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/21 21:54:09 | 000,004,476 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/21 21:53:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/21 21:53:32 | 000,621,434 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/21 21:53:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/21 21:53:32 | 000,142,502 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/21 21:53:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/21 21:53:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/21 21:53:30 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/21 21:53:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/21 21:53:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/21 21:53:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/21 21:53:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/21 21:53:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/21 15:01:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/21 15:00:24 | 003,610,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/21 14:36:15 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/21 14:12:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/21 14:10:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/21 14:05:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/21 14:04:53 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2004/08/21 14:04:53 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2004/08/21 14:04:37 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2004/08/21 14:04:37 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2004/08/21 14:04:36 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2004/08/21 14:04:36 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/02/06 02:51:34 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2003/01/07 20:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 5904 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP

1B5B4F1

< End of report >

Extras attached.

Blottedisk · Apr 1, 2011

Hi Ali,

We Need to Diagnose a Possible Problem with WGA.

Please download MGADiag.exe and save it to your desktop.
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file and post it in your next reply.

alizaidi · Apr 1, 2011

Hi Bottledisk,

Here you go.

Ali

Blottedisk · Apr 1, 2011

Hi Ali,

Thanks for the log. Please follow these steps:

Step 1 | Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d91d101&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
@Alternate Data Stream - 5904 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc

:Reg

:Files
C:\Documents and Settings\Ali\Desktop\avg_remover_stf_x86_2011_1184.exe
C:\Documents and Settings\Ali\Desktop\avg_free_stb_all_2011_1204_cnet.exe
C:\Documents and Settings\Ali\Application Data\AVG
C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
C:\Documents and Settings\Ali\Desktop\avgremover.zip

:Commands
[purity]
[EmptyFlash]
[emptytemp]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
It will produce a log for you on reboot, please post that log in your next reply.

Step 2 | Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

--------------------------------------------------------------------

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
```
:dir
C:\Windows\System32\%APPDATA% /noexpand /s
:env
%appdata%
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 3 | Please try to run Combofix now with instructions from my previous post.

alizaidi · Apr 1, 2011

Hi Bottledisk,

Thanks for getting back to me.

I've just tried running OTL, and it won't run. I get an error saying:

"Windows cannot access the specified dvice, path or file. You may not have the appropriate permissions to access the item."

I've tried deleting it and downkloading it again, I've also tried changing the name of the file before trying to run. still with no luck.

Kind Regards,

Ali

Blottedisk · Apr 1, 2011

Hi Ali,

It's most probable AVG interfering with OTL. Please do the following:

Step 1 | Please complete step 2 from my previous post.

Step 2 | Please open Notepad

Copy and Paste everything from the Code Box below into Notepad:

Code:

@Echo off
rd /s/q "C:\Documents and Settings\Ali\Application Data\AVG"
rd /s/q "C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011"
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v AvgUninstallURL /f
REG DELETE "HKCR\SOFTWARE\PROTOCOLS\Handler\avgsecuritytoolbar" /v F2DDE6B2-9684-4A55-86D4-E255E237B77C /f
del %0

Go to File >> Save As
Save File name as runme.bat
Change Save as Type to All Files and save the file to your Desktop.
Now double click on the desktop runme.bat to run the batch file. It will self-delete when completed.

Can you run Combofix now?

Click.GiftLoad problem

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team