[RESOLVED] Google redirect - Page 2

Thread: [RESOLVED] Google redirect

  1. #1
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

  2. #2
    Join Date
    Jan 2006
    Posts
    1,322
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000000fd

    Kernel Drivers (total 149):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75B6000 imagesrv.sys
    0xF7596000 fltmgr.sys
    0xF7568000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7557000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 PCIIde.sys
    0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF7607000 MountMgr.sys
    0xF7498000 ftdisk.sys
    0xF798D000 dmload.sys
    0xF7472000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF745A000 atapi.sys
    0xF798F000 imagedrv.sys
    0xF7442000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7430000 sr.sys
    0xF785E000 PCTCore.sys
    0xF7647000 PxHelp20.sys
    0xF7419000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7831000 NDIS.sys
    0xF796D000 Mup.sys
    0xF7657000 avgrkx86.sys
    0xF7667000 agp440.sys
    0xBA730000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB97C2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB97AE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF777F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB978A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7787000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9633000 \SystemRoot\system32\drivers\P17.sys
    0xB960F000 \SystemRoot\system32\drivers\portcls.sys
    0xBA720000 \SystemRoot\system32\drivers\drmk.sys
    0xB95EC000 \SystemRoot\system32\drivers\ks.sys
    0xB95BC000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
    0xB9596000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    0xB9584000 \SystemRoot\system32\DRIVERS\el90xbc5.sys
    0xB952F000 \SystemRoot\system32\DRIVERS\es56tpi.sys
    0xF778F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA710000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA7B0000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF7797000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB951B000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA700000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA6F0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF79A9000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0xF779F000 \SystemRoot\system32\drivers\InCDPass.sys
    0xBA08D000 \SystemRoot\system32\drivers\InCDRm.sys
    0xB9E06000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA07D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA794000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB94DC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA06D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA05D000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB94CB000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA04D000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB949B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA03D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79AB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB943D000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA6DC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA01D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA00D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79AD000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF77CF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF76A7000 \??\C:\Program Files\Max Spyware Detector\MaxProc.sys
    0xF76B7000 \??\C:\Program Files\Max Spyware Detector\SDManager.sys
    0xF79AF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA0BE000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79B1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF77DF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF77E7000 \SystemRoot\System32\drivers\vga.sys
    0xF79B3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79B5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA7C4000 \SystemRoot\System32\Drivers\InCDrec.SYS
    0xB6D0A000 \SystemRoot\system32\drivers\InCDFs.sys
    0xF77EF000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77F7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA7C0000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB6CF7000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB6C9E000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB6C64000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xB6C3E000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF77FF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB9503000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB6BEE000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB6BCC000 \SystemRoot\System32\drivers\afd.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB6BAB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF780F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB6B80000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB6B10000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7547000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7817000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xB6ADC000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xF781F000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB9439000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7527000 \SystemRoot\System32\Drivers\LEqdUsb.Sys
    0xF7517000 \SystemRoot\System32\Drivers\WDFLDR.SYS
    0xB6A61000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB6A28000 \SystemRoot\system32\DRIVERS\CamDrL21.sys
    0xF7507000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF772F000 \SystemRoot\system32\DRIVERS\USBCAMD.SYS
    0xB69F7000 \SystemRoot\system32\DRIVERS\lvsvf.dll
    0xF74F7000 \SystemRoot\system32\drivers\usbaudio.sys
    0xB942D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB9429000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7A59000 \SystemRoot\System32\Drivers\LHidEqd.Sys
    0xF7737000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0xF773F000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0xF74C7000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB6E60000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7747000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7A83000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF76C7000 \??\C:\Program Files\Max Spyware Detector\MaxProtector.sys
    0xB65CF000 \SystemRoot\System32\Drivers\DefragFS.SYS
    0xB661C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0xB6E2C000 \SystemRoot\system32\DRIVERS\purendis.sys
    0xF79F5000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB61D6000 \SystemRoot\System32\Drivers\adfs.SYS
    0xF7A87000 \SystemRoot\System32\Drivers\LBeepKE.sys
    0xB612F000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB5D73000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB5AB2000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB5985000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB6DB4000 \SystemRoot\system32\drivers\sysaudio.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 40):
    0 System Idle Process
    4 System
    628 C:\WINDOWS\system32\smss.exe
    720 csrss.exe
    752 C:\WINDOWS\system32\winlogon.exe
    828 C:\WINDOWS\system32\services.exe
    840 C:\WINDOWS\system32\lsass.exe
    1004 C:\WINDOWS\system32\svchost.exe
    1068 svchost.exe
    1144 C:\WINDOWS\system32\svchost.exe
    1384 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1392 C:\Program Files\AVG\AVG9\avgrsx.exe
    1576 C:\WINDOWS\system32\spoolsv.exe
    1656 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    796 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1116 C:\WINDOWS\system32\CTSVCCDA.EXE
    1236 C:\Program Files\Java\jre6\bin\jqs.exe
    1404 C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
    1564 C:\WINDOWS\system32\nvsvc32.exe
    1712 C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    356 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    2120 C:\Program Files\AVG\AVG9\avgemc.exe
    2148 C:\Program Files\AVG\AVG9\avgam.exe
    2224 C:\Program Files\AVG\AVG9\avgnsx.exe
    2296 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    2940 C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    3100 svchost.exe
    3228 alg.exe
    4076 C:\WINDOWS\explorer.exe
    700 C:\WINDOWS\system32\svchost.exe
    3616 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    1512 C:\Program Files\Garmin\MyGarminAgent\myGarminAgent.exe
    3720 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    2008 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    2688 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    2980 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1940 C:\Documents and Settings\Paul\Desktop\tmail.exe
    820 C:\WINDOWS\system32\svchost.exe
    2552 wmiprvse.exe
    3580 C:\Documents and Settings\Paul\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500AAJB-00J3A0, Rev: 01.03E01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

  3. #3
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    That looks good

    Uninstall Max Spyware Detector (if listed). Rogue program.

    Uninstall Safe Returner (if listed). Worthless.

    Uninstall Uniblue RegCure (if listed).
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/...eaking_13.html

    =================================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\SecSigDB.BIN
    c:\windows\system32\NameDB.BIN
    C:\SZKGFS.dat
    c:\documents and settings\All Users\Application Data\Max Secure\Max Spyware Detector\SysSD.dll
    c:\windows\Tasks\RegCure Program Check.job
    c:\windows\Tasks\RegCure.job
    
    
    Folder::
    c:\program files\Max Spyware Detector
    c:\documents and settings\All Users\Application Data\SITEguard
    c:\program files\Common Files\iS3
    c:\documents and settings\All Users\Application Data\STOPzilla!
    c:\documents and settings\Paul\Application Data\SafeReturner
    c:\program files\Safe Returner
    c:\program files\Uniblue
    c:\documents and settings\Paul\Application Data\Uniblue
    c:\program files\RegCure
    
    
    Driver::
    MaxProc
    MaxProtector
    MaxWatchDogService
    MaxNPF
    MaxDSrv
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MaxDSrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MaxWatchDogService"=-
    "MaxDSrv"=-

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

  4. #4
    Join Date
    Jan 2006
    Posts
    1,322
    Friend's reply:
    I'm not really sure what I am supposed to do here, it won't save as a CFScript.txt in notepad?
    He did run it though and says it seems to have fixed it.

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    He did run it though and says it seems to have fixed it.
    ??

  6. #6
    Join Date
    Jan 2006
    Posts
    1,322
    Yes, and he did say it seemed to fix it.

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Nothing is solved until a whole cleaning process is done.

    If he didn't even run my script, his computer is heavily infected.

  8. #8
    Join Date
    Jan 2006
    Posts
    1,322
    He was not able to disable AVG.
    ComboFix 10-08-14.02 - Paul 08/17/2010 11:08:38.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3710.3124 [GMT -4:00]
    Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\documents and settings\All Users\Application Data\Max Secure\Max Spyware"
    "C:\SZKGFS.dat"
    "c:\windows\system32\NameDB.BIN"
    "c:\windows\system32\SecSigDB.BIN"
    "c:\windows\Tasks\RegCure Program Check.job"
    "c:\windows\Tasks\RegCure.job"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\RegCure
    c:\program files\RegCure\0_days.htm
    c:\program files\RegCure\1_days.htm
    c:\program files\RegCure\15_days.htm
    c:\program files\RegCure\2_days.htm
    c:\program files\RegCure\30_days.htm
    c:\program files\RegCure\5_days.htm
    c:\program files\RegCure\Animated-Bar.gif
    c:\program files\RegCure\AutoUpdate.dll
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31.bak
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31.reg
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\100.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\101.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\102.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\103.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\104.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\105.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\106.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\107.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\108.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\109.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\10A.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\10B.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\10C.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\10D.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\F3.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\F4.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\F5.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\F6.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\F7.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\F8.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\F9.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\FA.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\FB.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\FC.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\FD.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\FE.tmp
    c:\program files\RegCure\Backup\RegCureBak_August_16_10_10_44_31\FF.tmp
    c:\program files\RegCure\blue_duo.jpg
    c:\program files\RegCure\buttonfill.jpg
    c:\program files\RegCure\buttonfill_expire.jpg
    c:\program files\RegCure\buttonfill_mo.jpg
    c:\program files\RegCure\buttonfill_mo_expire.jpg
    c:\program files\RegCure\BuyNags.htm
    c:\program files\RegCure\center_gradient.jpg
    c:\program files\RegCure\container_content_bkimg.gif
    c:\program files\RegCure\container_content_leftimg.gif
    c:\program files\RegCure\container_content_rightimg.gif
    c:\program files\RegCure\contentwrapper.gif
    c:\program files\RegCure\email.htm
    c:\program files\RegCure\expire.css
    c:\program files\RegCure\footerbar.gif
    c:\program files\RegCure\green_duo.jpg
    c:\program files\RegCure\info_bubble.jpg
    c:\program files\RegCure\left_gradient.jpg
    c:\program files\RegCure\logo.jpg
    c:\program files\RegCure\Logs\RegCure-16-08-10-10-44-31.zip
    c:\program files\RegCure\Logs\SystemInfo.zip
    c:\program files\RegCure\LogSettings.xml
    c:\program files\RegCure\main.css
    c:\program files\RegCure\main_nag.css
    c:\program files\RegCure\main_showstats.css
    c:\program files\RegCure\package_titlebar_bkimg.jpg
    c:\program files\RegCure\process-animation.gif
    c:\program files\RegCure\RegCure.exe
    c:\program files\RegCure\regcure.gif
    c:\program files\RegCure\right_gradient.jpg
    c:\program files\RegCure\settings.xml
    c:\program files\RegCure\showstats.htm
    c:\program files\RegCure\small_vbxregcure.jpg
    c:\program files\RegCure\special_offer.jpg
    c:\program files\RegCure\special_offer_nag.jpg
    c:\program files\RegCure\subtitlebar.gif
    c:\program files\RegCure\tile_titlebar.jpg
    c:\program files\RegCure\titlebar_left.jpg
    c:\program files\RegCure\titlebar_right.jpg
    c:\program files\RegCure\tp.css
    c:\program files\RegCure\TrialPay.htm
    c:\program files\RegCure\underline.gif
    c:\program files\RegCure\uninst.exe
    c:\program files\RegCure\zlibwapi.dll
    c:\windows\Tasks\RegCure Program Check.job
    c:\windows\Tasks\RegCure.job

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
    .

    2010-08-14 12:13 . 2010-08-14 12:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
    2010-08-13 00:00 . 2010-08-13 00:02 -------- d-----w- C:\6a90c1337582c2e567f20e
    2010-08-12 10:45 . 2010-08-12 10:45 -------- d-----w- c:\program files\Trend Micro
    2010-08-12 03:10 . 2010-08-12 03:10 433384 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-08-11 18:25 . 2010-08-11 18:40 -------- d-----w- c:\documents and settings\Paul\Application Data\GARMIN
    2010-08-11 18:25 . 2010-08-11 18:25 -------- d-----w- c:\program files\Garmin GPS Plugin
    2010-08-11 13:04 . 2010-08-11 13:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-08-10 04:17 . 2010-08-10 04:17 -------- d-----w- c:\program files\Pure Networks
    2010-08-10 04:16 . 2010-08-10 03:52 34226736 ------w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
    2010-08-04 03:01 . 2010-08-04 03:04 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-07-18 16:27 . 2010-07-18 16:27 65536 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\FotoCanvasLitePMFolderShortcut.exe
    2010-07-18 16:27 . 2010-07-18 16:27 65536 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\FotoCanvasLiteDesktopShortcut.exe
    2010-07-18 16:27 . 2010-07-18 16:27 61440 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\ACDSeePMFolderShortcut.exe
    2010-07-18 16:27 . 2010-07-18 16:27 61440 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\ACDSeeDesktopShortcut.exe
    2010-07-18 16:27 . 2010-07-18 16:27 15150 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\PowerPackNow.exe
    2010-07-18 16:27 . 2010-07-18 16:27 15150 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\ACDSeeNowShortcut.exe
    2010-07-18 16:27 . 2010-07-18 16:27 12062 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\ARPPRODUCTICON.exe
    2010-07-18 16:27 . 2010-07-18 16:27 -------- d-----w- c:\program files\ACD Systems

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-17 03:01 . 2010-02-09 01:33 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-17 02:55 . 2010-02-19 23:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-17 02:55 . 2010-06-20 23:38 -------- d-----w- c:\program files\Spyware Doctor
    2010-08-16 03:01 . 2010-02-08 21:49 -------- d-----w- c:\program files\G-Zapper
    2010-08-15 03:12 . 2010-02-09 13:30 123 ----a-w- c:\documents and settings\All Users\Application Data\Max Secure\Max Spyware Detector\SysSD.dll
    2010-08-11 18:25 . 2010-02-21 16:54 -------- d-----w- c:\program files\Garmin
    2010-08-11 00:21 . 2010-06-27 16:25 201649 ------w- c:\windows\Photo Pos Pro Uninstaller.exe
    2010-08-11 00:21 . 2010-06-27 16:25 -------- d-----w- c:\program files\Photo Pos Pro
    2010-08-11 00:05 . 2010-02-09 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-10 23:58 . 2010-02-08 21:04 75872 ------w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-10 23:36 . 2010-02-09 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-10 23:36 . 2010-02-09 04:33 -------- d-----w- c:\program files\CCleaner
    2010-08-10 04:17 . 2010-02-09 13:17 8892928 ------w- c:\documents and settings\All Users\Application Data\atscie.msi
    2010-08-10 03:53 . 2010-02-28 20:56 -------- d-----w- c:\program files\ClocX
    2010-08-07 13:43 . 2010-02-08 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-08-05 04:31 . 2010-06-13 23:08 -------- d-----r- c:\program files\Skype
    2010-08-04 05:05 . 2010-02-08 18:46 -------- d-----w- c:\program files\Common Files\Webroot Shared
    2010-07-23 21:38 . 2010-06-13 23:09 -------- d-----w- c:\documents and settings\Paul\Application Data\Skype
    2010-07-23 21:37 . 2010-06-13 23:11 -------- d-----w- c:\documents and settings\Paul\Application Data\skypePM
    2010-07-18 16:27 . 2010-02-09 12:12 -------- d-----w- c:\program files\Common Files\ACD Systems
    2010-07-18 02:52 . 2010-07-18 02:52 -------- d-----w- c:\program files\OSS
    2010-06-30 12:31 . 2006-02-28 12:00 149504 ------w- c:\windows\system32\schannel.dll
    2010-06-27 16:25 . 2010-06-27 16:25 -------- d-----w- c:\program files\Common Files\Thraex Software
    2010-06-24 12:22 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2006-02-28 12:00 1851904 ------w- c:\windows\system32\win32k.sys
    2010-06-22 19:23 . 2010-02-08 19:45 243024 ------w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-22 19:23 . 2010-06-22 19:23 12536 ------w- c:\windows\system32\avgrsstx.dll
    2010-06-22 19:23 . 2010-02-08 19:45 216400 ------w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-21 15:27 . 2006-02-28 12:00 354304 ------w- c:\windows\system32\drivers\srv.sys
    2010-06-20 23:39 . 2010-06-20 23:38 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-06-20 23:38 . 2010-06-20 23:38 -------- d-----w- c:\documents and settings\Paul\Application Data\PC Tools
    2010-06-20 23:38 . 2010-06-20 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-06-20 03:08 . 2010-06-20 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-06-20 02:57 . 2010-06-20 02:57 -------- d-----w- c:\program files\Adobe Media Player
    2010-06-20 02:55 . 2010-06-20 02:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-06-20 02:52 . 2010-06-20 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-06-19 10:38 . 2010-06-19 10:38 -------- d-----w- c:\program files\Canon
    2010-06-17 14:03 . 2006-02-28 12:00 80384 ------w- c:\windows\system32\iccvid.dll
    2010-06-17 13:51 . 2010-02-20 04:10 117760 ------w- c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-14 14:31 . 2010-02-08 20:39 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 09:57 . 2010-04-06 10:10 528384 ------w- c:\windows\system32\PosGRP.dll
    2010-06-14 07:41 . 2006-02-28 12:00 1172480 ------w- c:\windows\system32\msxml3.dll
    2010-06-13 23:11 . 2010-06-13 23:11 56 ------w- c:\windows\system32\ezsidmv.dat
    2010-06-01 19:58 . 2010-02-08 19:45 29584 ------w- c:\windows\system32\drivers\avgmfx86.sys
    2010-06-01 15:58 . 2010-04-06 10:10 53248 ------w- c:\windows\system32\PosTBsknLib.dll
    2010-05-27 15:44 . 2010-05-27 15:44 237320 ------w- c:\windows\system32\PDBoot.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-14_23.23.27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-17 13:34 . 2010-08-17 13:34 16384 c:\windows\Temp\Perflib_Perfdata_468.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "G-Zapper"="c:\program files\G-Zapper\GZapper 2.5.EXE" [2008-06-25 1175628]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-8 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-06-22 19:23 12536 ------w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ------w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

  9. #9
    Join Date
    Jan 2006
    Posts
    1,322
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
    backup=c:\windows\pss\desktop.iniCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Firefox Preloader.lnk]
    backup=c:\windows\pss\Firefox Preloader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^desktop.ini]
    path=c:\documents and settings\Paul\Start Menu\Programs\Startup\desktop.ini
    backup=c:\windows\pss\desktop.iniStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 11:58 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2007-04-04 19:41 970752 ------w- c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-10-09 16:28 139264 ------w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2005-10-31 18:51 57344 ------w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 20:24 54840 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2001-11-07 18:36 196608 ------w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-08-20 14:54 150016 ------w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCalendar]
    2008-03-16 00:23 2774528 ------w- c:\program files\Desksware\Desktop iCal\Calendar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2006-07-25 20:55 1043968 ------w- c:\program files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    2010-06-20 23:57 1287120 ------w- c:\program files\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    2002-12-10 23:32 155648 ------w- c:\program files\Logitech\ImageStudio\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    2002-12-10 23:31 61440 ------w- c:\program files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    2002-12-10 22:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2010-04-29 19:39 437584 ------w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
    2010-03-16 13:36 337256 ------w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 21:40 155648 ------w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2009-07-07 19:48 647216 ------w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-16 22:01 86016 ------w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ------w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 20:21 246504 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-03-29 12:29 2012912 ------w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
    2003-08-04 13:00 196096 ------w- c:\program files\Webroot\Washer\wwDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Browser Defender Update Service"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NBService"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "MBAMService"=2 (0x2)
    "LBTServ"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "ABCSpell Helper Service"=2 (0x2)
    "WebClient"=3 (0x3)
    "VSS"=3 (0x3)
    "SCardSvr"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "Netlogon"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/8/2010 3:45 PM 52872]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/20/2010 7:38 PM 218592]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/8/2010 3:45 PM 216400]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/8/2010 3:45 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/22/2010 3:23 PM 921952]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 3:23 PM 308136]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/8/2010 11:07 PM 10384]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2010 6:28 AM 135664]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/8/2010 8:31 PM 20952]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/8/2010 8:32 PM 304464]
    S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/20/2010 7:38 PM 366840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 10:28]

    2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 10:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: phonedetective.com\www
    FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-17 11:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2010-08-17 11:18:54
    ComboFix-quarantined-files.txt 2010-08-17 15:18
    ComboFix2.txt 2010-08-15 03:49
    ComboFix3.txt 2010-08-14 23:26

    Pre-Run: 227,875,721,216 bytes free
    Post-Run: 227,863,339,008 bytes free

    - - End Of File - - 663C50031E03AD4F4112BBC8B04D5020

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    It looks good now

    How is redirection?


    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  11. #11
    Join Date
    Jan 2006
    Posts
    1,322
    "Still redirecting, better but still something in there."
    OTL logfile created on: 8/17/2010 7:33:47 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 212.64 Gb Free Space | 91.31% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ZED
    Current User Name: Paul
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    PRC - [2010/07/20 17:14:07 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/06/22 15:23:28 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/06/22 15:23:26 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/06/22 15:23:25 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/06/22 15:23:24 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/06/22 15:23:16 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/22 15:23:15 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/06/22 15:23:14 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2010/05/27 11:44:26 | 001,565,960 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    PRC - [2010/05/27 11:44:16 | 001,471,752 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/06/25 00:56:50 | 001,175,628 | ---- | M] () -- C:\Program Files\G-Zapper\GZapper 2.5.EXE
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/09/12 10:31:54 | 000,121,856 | ---- | M] (Tom Grandgent) -- C:\Documents and Settings\Paul\Desktop\tmail.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2009/07/20 13:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
    MOD - [2009/07/12 05:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/07/20 17:14:07 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/06/22 15:23:24 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/19 22:52:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/27 11:44:26 | 001,565,960 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
    SRV - [2010/05/27 11:44:16 | 001,471,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2007/07/26 15:46:38 | 000,073,728 | ---- | M] (ISOTA, LLC.) [Disabled | Stopped] -- C:\Program Files\Isota\ABCSpell\ABCSpellService.exe -- (ABCSpell Helper Service)
    SRV - [2006/07/25 16:54:54 | 000,849,408 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/22 15:23:27 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/22 15:23:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/01 15:58:04 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/04/29 17:12:11 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/04/16 16:23:35 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2010/04/16 16:23:35 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2010/04/16 16:23:35 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2010/04/16 16:22:04 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)
    DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/03/04 16:52:43 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/12/22 12:33:08 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
    DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
    DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008/05/16 18:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2006/07/25 16:54:02 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2006/07/25 16:52:46 | 000,031,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2006/07/25 16:51:56 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/08/15 13:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
    DRV - [2005/08/15 13:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
    DRV - [2002/12/10 18:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
    DRV - [2002/05/21 05:50:00 | 000,013,060 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
    DRV - [2001/08/17 09:28:04 | 000,347,550 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es56tpi.sys -- (Edspport)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
    FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
    FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:3.76
    FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
    FF - prefs.js..extensions.enabledItems: [email protected]:1.6.3
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76

  12. #12
    Join Date
    Jan 2006
    Posts
    1,322
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/07 09:42:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 09:49:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 18:26:19 | 000,000,000 | ---D | M]

    [2010/02/08 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
    [2010/08/17 19:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions
    [2010/02/08 17:38:00 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2010/02/08 18:43:22 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/02/11 11:50:05 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    [2010/05/09 13:20:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/22 15:30:03 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2010/05/04 15:42:31 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
    [2010/08/17 19:30:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/20 18:09:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    [2010/06/17 10:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/02/12 15:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/05/06 19:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\[email protected]
    [2010/02/22 15:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\[email protected]
    [2010/08/17 19:30:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/08/17 11:32:12 | 000,000,091 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 0.0.0.0 www.google-analytics.com
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKCU..\Run: [G-Zapper] C:\Program Files\G-Zapper\GZapper 2.5.E File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: phonedetective.com ([www] https in Trusted sites)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6087.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5111/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.44 213.109.75.130 1.1.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/29 17:13:23 | 000,000,300 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

  13. #13
    Join Date
    Jan 2006
    Posts
    1,322
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (847019090378752)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/17 19:30:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2010/08/17 11:23:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/14 19:16:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/14 19:09:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/14 08:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    [2010/08/14 08:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
    [2010/08/13 10:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Sounds
    [2010/08/12 20:00:35 | 000,000,000 | ---D | C] -- C:\6a90c1337582c2e567f20e
    [2010/08/12 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/11 14:39:40 | 003,205,656 | ---- | C] (Garmin International) -- C:\Documents and Settings\Paul\My Documents\garminmapupdater_naeu_g.exe
    [2010/08/11 14:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\GARMIN
    [2010/08/11 14:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
    [2010/08/11 14:24:35 | 006,440,112 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\Communicator.exe
    [2010/08/10 19:36:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul\Recent
    [2010/08/10 00:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
    [2010/08/07 09:33:32 | 002,133,040 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Paul\My Documents\avg_avw_stb_all_9_115.exe
    [2010/08/03 23:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/07/24 10:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\My Pictures
    [2010/07/23 18:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\My Pics
    [2010/07/18 12:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
    [2010/07/17 22:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\OSS
    [2010/07/14 09:41:31 | 000,000,000 | ---D | C] -- C:\00c5da6a8598ca1b77
    [2010/07/05 09:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop Lightroom 3
    [2010/06/27 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
    [2010/06/27 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Pos Pro
    [2010/06/22 15:23:25 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/20 19:39:18 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0651.old
    [2010/06/20 19:39:18 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0652.old
    [2010/06/20 19:38:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2010/06/20 19:38:41 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2010/06/20 19:38:41 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2010/06/20 19:38:32 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\PC Tools
    [2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2010/06/19 23:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2010/06/19 22:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2010/06/19 22:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/06/19 22:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2010/06/19 06:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
    [2010/06/16 09:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/06/16 09:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/06/16 09:23:22 | 000,000,000 | ---D | C] -- C:\3a88b443a6665e4f2a519c
    [2010/06/14 13:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\ImageStudio
    [2010/06/13 19:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\skypePM
    [2010/06/13 19:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Skype
    [2010/06/13 19:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/06/13 19:08:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/06/13 19:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/06/11 10:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\ACD Systems
    [2010/06/11 10:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Acdsee Pro v3.0 Build 386
    [2010/06/10 20:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\ZoomBrowser EX
    [2010/06/10 20:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\CANON_INC
    [2010/06/10 19:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Canon
    [2010/06/10 19:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
    [2010/06/06 14:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\AKVIS LLC
    [2010/06/06 14:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AKVIS
    [2010/06/06 14:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Downloaded Installations
    [2010/05/27 11:44:20 | 000,237,320 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
    [2010/04/16 16:23:35 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2010/08/17 18:43:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/17 17:37:53 | 063,551,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/17 17:13:53 | 000,437,504 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\IMG_2646.JPG
    [2010/08/17 17:06:59 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee 5.0.lnk
    [2010/08/17 17:06:09 | 000,330,320 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\IMG_2644.JPG
    [2010/08/17 16:58:13 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 8.lnk
    [2010/08/17 14:46:18 | 002,559,139 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\IMG_2645.JPG
    [2010/08/17 14:46:14 | 002,888,836 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\IMG_2643.JPG
    [2010/08/17 14:46:08 | 003,310,995 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\IMG_2642.JPG
    [2010/08/17 14:46:04 | 002,967,424 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\IMG_2639.JPG
    [2010/08/17 11:32:12 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/17 11:32:08 | 000,186,500 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/17 11:32:05 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/17 11:32:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/17 11:31:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/17 11:31:25 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/17 11:30:36 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Paul\NTUSER.DAT
    [2010/08/17 11:30:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
    [2010/08/17 11:14:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/16 22:57:56 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/16 22:57:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/16 22:57:00 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\My Garmin.lnk
    [2010/08/16 10:38:36 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\msconfig.exe.lnk
    [2010/08/15 23:01:05 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\G-Zapper.lnk
    [2010/08/15 13:59:53 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe.lnk
    [2010/08/15 13:59:49 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Shortcut to ComboFix.exe.lnk
    [2010/08/14 23:19:56 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Notepad.lnk
    [2010/08/14 21:19:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\MBRCheck.exe
    [2010/08/14 19:10:05 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/08/14 19:09:45 | 000,001,579 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\msconfig.exe.lnk
    [2010/08/12 06:45:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
    [2010/08/11 14:39:44 | 003,205,656 | ---- | M] (Garmin International) -- C:\Documents and Settings\Paul\My Documents\garminmapupdater_naeu_g.exe
    [2010/08/11 14:24:47 | 006,440,112 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\Communicator.exe
    [2010/08/10 20:21:41 | 000,201,649 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
    [2010/08/10 20:21:38 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Photo Pos Pro.lnk
    [2010/08/10 20:08:50 | 002,153,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/10 20:06:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/10 20:04:43 | 000,584,354 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/10 20:04:43 | 000,504,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/10 20:04:43 | 000,087,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/10 19:58:34 | 000,075,872 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/10 19:55:19 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
    [2010/08/10 19:49:25 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Paul\NTUSER.bak
    [2010/08/10 19:36:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\CCleaner.lnk
    [2010/08/10 00:24:44 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Network Magic Folders.lnk
    [2010/08/10 00:17:25 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
    [2010/08/10 00:17:02 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2010/08/09 22:08:18 | 000,000,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.backup
    [2010/08/07 09:33:43 | 002,133,040 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Paul\My Documents\avg_avw_stb_all_9_115.exe
    [2010/08/03 19:41:50 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
    [2010/08/03 19:41:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware bytes.lnk
    [2010/07/18 12:28:39 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\ACDSee 5.0.lnk
    [2010/07/18 12:27:13 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\ACD FotoCanvas Lite 2.0.lnk
    [2010/07/17 22:52:52 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\OSS Internet Booster.lnk
    [2010/07/15 10:18:27 | 000,000,600 | ---- | M] () -- C:\WINDOWS\Calendar.INI
    [2010/07/08 20:06:13 | 000,000,388 | ---- | M] () -- C:\ACScnLog.ini
    [2010/07/01 22:13:25 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
    [2010/07/01 22:13:12 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Calculator.lnk
    [2010/06/24 18:38:28 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Ps CS2.lnk
    [2010/06/22 15:23:27 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/22 15:23:25 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/22 15:23:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/06/20 19:42:27 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
    [2010/06/19 23:04:09 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Adobe Ps CS4.lnk
    [2010/06/19 22:22:19 | 1060,086,801 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop CS4 Extended Keygen & Patch.rar
    [2010/06/19 06:38:57 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Photo Professional.lnk
    [2010/06/18 13:58:48 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/06/14 05:57:49 | 000,528,384 | ---- | M] (PowerOfSoftware) -- C:\WINDOWS\System32\PosGRP.dll
    [2010/06/13 19:13:04 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\I_D.doc
    [2010/06/13 19:11:46 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/06/13 19:08:46 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/06/11 10:18:46 | 057,634,648 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\AP3-egydown.rar
    [2010/06/04 18:32:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/06/02 17:02:08 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 11.lnk
    [2010/06/01 15:58:04 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/01 11:58:20 | 000,053,248 | ---- | M] (PowerOfSoftware) -- C:\WINDOWS\System32\PosTBsknLib.dll
    [2010/05/27 11:44:20 | 000,237,320 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

  14. #14
    Join Date
    Jan 2006
    Posts
    1,322
    ========== Files Created - No Company Name ==========

    [2010/08/17 16:51:44 | 003,310,995 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\IMG_2642.JPG
    [2010/08/17 16:51:44 | 002,967,424 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\IMG_2639.JPG
    [2010/08/17 16:51:44 | 002,888,836 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\IMG_2643.JPG
    [2010/08/17 16:51:44 | 002,559,139 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\IMG_2645.JPG
    [2010/08/17 16:51:44 | 000,437,504 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\IMG_2646.JPG
    [2010/08/17 16:51:44 | 000,330,320 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\IMG_2644.JPG
    [2010/08/16 22:57:00 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\My Garmin.lnk
    [2010/08/15 13:59:53 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe.lnk
    [2010/08/15 13:59:49 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Shortcut to ComboFix.exe.lnk
    [2010/08/14 21:19:54 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\MBRCheck.exe
    [2010/08/14 19:16:23 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2010/08/14 19:16:21 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/12 06:45:14 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
    [2010/08/11 23:10:11 | 000,433,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/10 19:59:33 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/10 19:40:37 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Paul\NTUSER.tmp.LOG
    [2010/08/10 00:24:44 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Network Magic Folders.lnk
    [2010/08/10 00:17:25 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
    [2010/08/03 19:41:50 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
    [2010/08/03 19:41:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware bytes.lnk
    [2010/07/18 12:32:02 | 000,002,509 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee 5.0.lnk
    [2010/07/18 12:27:13 | 000,002,038 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\ACD FotoCanvas Lite 2.0.lnk
    [2010/07/17 22:52:52 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\OSS Internet Booster.lnk
    [2010/07/01 22:13:25 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
    [2010/07/01 22:13:12 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Calculator.lnk
    [2010/06/27 12:28:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WSYS049.SYS
    [2010/06/27 12:25:23 | 000,201,649 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
    [2010/06/27 12:25:23 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Photo Pos Pro.lnk
    [2010/06/24 18:38:28 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Ps CS2.lnk
    [2010/06/20 20:07:53 | 000,000,388 | ---- | C] () -- C:\ACScnLog.ini
    [2010/06/20 19:42:27 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
    [2010/06/20 19:39:18 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0652.old
    [2010/06/20 19:38:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
    [2010/06/20 19:38:41 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
    [2010/06/20 19:38:41 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
    [2010/06/20 19:38:32 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
    [2010/06/19 23:04:09 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Adobe Ps CS4.lnk
    [2010/06/19 21:44:07 | 1060,086,801 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop CS4 Extended Keygen & Patch.rar
    [2010/06/19 06:38:57 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Photo Professional.lnk
    [2010/06/15 16:12:15 | 000,002,537 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 8.lnk
    [2010/06/13 19:22:28 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/06/13 19:11:46 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/06/13 19:08:46 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/06/12 22:14:41 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\ACDSee 5.0.lnk
    [2010/06/11 10:16:49 | 057,634,648 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\AP3-egydown.rar
    [2010/04/29 16:40:03 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
    [2010/04/16 16:23:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2010/04/06 06:10:15 | 000,225,411 | ---- | C] () -- C:\WINDOWS\System32\PosPrKpLib.dll
    [2010/04/06 06:10:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
    [2010/02/21 15:01:27 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Calendar.INI
    [2010/02/18 19:34:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/02/15 09:02:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DSSD.ini
    [2010/02/10 20:38:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
    [2010/02/10 12:53:39 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
    [2010/02/10 12:53:12 | 000,011,653 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/02/10 12:51:54 | 000,000,768 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2010/02/09 09:17:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2010/02/09 08:59:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
    [2010/02/09 08:43:56 | 000,029,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/02/08 21:07:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
    [2010/02/08 21:07:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2010/02/08 17:09:32 | 000,005,627 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
    [2010/02/08 17:09:32 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/12/14 22:47:56 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
    [2008/05/16 18:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/16 18:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/16 18:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/16 18:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/16 18:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/04/19 06:46:22 | 000,002,519 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM9.DLL
    [2005/09/23 07:52:14 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
    [2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2002/06/27 19:47:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2002/06/27 19:47:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [2002/06/27 19:47:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2002/06/27 19:47:14 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2002/06/02 10:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\1Way.dll
    [2002/03/21 12:51:52 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
    [2002/03/21 12:51:52 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
    [2002/03/21 12:51:52 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\lt_common.dll
    [2002/03/21 12:51:52 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lt_trans.dll
    [2002/03/21 12:51:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lt_meta.dll
    [2002/03/21 12:51:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
    [2002/03/21 12:51:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
    [2002/03/20 21:01:06 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
    [2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
    [2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
    [2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
    [2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
    [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/08/01 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
    [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [1995/08/18 02:00:00 | 000,150,016 | ---- | C] () -- C:\WINDOWS\crlasp95.dll

    ========== LOP Check ==========

    [2010/06/11 10:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2010/04/29 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
    [2010/08/07 09:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/02/08 20:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/02/09 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
    [2010/04/11 13:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/08/16 22:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/02/09 08:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ACD Systems
    [2010/06/06 14:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\AKVIS LLC
    [2010/04/29 17:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Ascentive
    [2010/02/08 19:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\AVG9
    [2010/06/10 19:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Canon
    [2010/02/21 15:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\desksware
    [2010/08/11 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GARMIN
    [2010/03/12 18:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Image Zone Express
    [2010/06/12 22:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\IObit
    [2010/02/08 18:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Isota
    [2010/03/05 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Jasc
    [2010/02/08 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
    [2010/05/10 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MxBoost
    [2010/04/18 12:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Opera

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/07/08 20:06:13 | 000,000,388 | ---- | M] () -- C:\ACScnLog.ini
    [2010/04/29 17:13:23 | 000,000,300 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/14 19:10:05 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/08/16 22:57:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/17 11:18:55 | 000,031,099 | ---- | M] () -- C:\ComboFix.txt
    [2010/02/08 16:44:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/04/06 02:06:42 | 000,000,179 | ---- | M] () -- C:\handle.dat
    [2010/02/08 16:44:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/02/08 16:44:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/08/03 22:37:18 | 000,002,745 | ---- | M] () -- C:\MxVirScn.log
    [2006/02/28 08:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
    [2010/02/08 16:03:32 | 000,250,048 | ---- | M] () -- C:\ntldr
    [2010/08/17 11:31:21 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/03 09:44:55 | 000,084,038 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_09.44.09_log.txt
    [2010/08/03 19:43:20 | 000,001,954 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_19.43.16_log.txt
    [2010/08/05 00:24:53 | 000,041,966 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_05.08.2010_00.24.37_log.txt
    [2010/08/05 20:49:34 | 000,041,966 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_05.08.2010_20.49.19_log.txt
    [2010/08/09 22:01:19 | 000,041,436 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_09.08.2010_22.00.16_log.txt
    [2010/08/17 19:20:22 | 000,040,280 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_17.08.2010_19.19.53_log.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2010/02/08 08:18:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/02/08 08:18:38 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/02/08 08:18:37 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto >

    < Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C6951A3
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.


    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2008/06/25 00:56:50 | 001,175,628 | ---- | M] () -- C:\Program Files\G-Zapper\GZapper 2.5.EXE
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O4 - HKCU..\Run: [G-Zapper] C:\Program Files\G-Zapper\GZapper 2.5.E File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.44 213.109.75.130 1.1.1.1
      [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2010/02/08 20:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
      [2010/02/09 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
      [2010/04/11 13:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
      [2010/06/12 22:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\IObit
      [2010/05/10 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MxBoost
      @Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C6951A3
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      C:\Program Files\G-Zapper
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
