Down_under

Hi guys! I hope you can help me here! I am Sebastian! I have 3 Shop computers, 2 tills & an office! All 3 have malwarebytes licenses! But i can't remove the trojan agent! I am running Windows XP SP3 and i can't see my folders. All folders seems too be EXE Files! I need the programs in the network for bookkeeping and stuff, but can't find them. If i want to change the folder options or search a file, the windows are closing immediatly. Hope somebody can help me! Here is a logfile from Malware, Highjack and OTL Malware Logfile Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4099 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 18/05/2010 8:50:51 PM mbam-log-2010-05-18 (20-50-51).txt Scan type: Full scan (C:\|) Objects scanned: 198881 Time elapsed: 1 hour(s), 11 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\SYSTIM32.EXE (Trojan.Agent) -> No action taken OTL Log: OTL logfile created on: 18/05/2010 6:28:19 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\User\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 1,023.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 45.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 53.97 Gb Free Space | 72.42% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: REDGUMSERVER Current User Name: User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.) PRC - C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs) PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.) PRC - C:\WINDOWS\system32\CNAB3RPK.EXE (CANON INC.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) ========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.) DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys () DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "https://secure.centrelink.gov.au/TX/login?FirstTime=true&Locale=en_US" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 13:30:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:30:26 | 000,000,000 | ---D | M] [2009/11/07 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions [2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions [2009/11/07 15:35:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/20 10:49:24 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll O1 HOSTS File: ([2010/01/16 14:53:36 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 12872 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.8.183.1 192.189.54.17 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/10/08 06:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{a1e86cc9-d3ce-11de-811b-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fad719c9-c73a-11de-80f9-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/18 17:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira [2010/05/18 17:55:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010/05/18 17:55:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/05/18 17:55:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010/05/18 17:55:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2010/05/18 17:34:47 | 000,188,673 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\User\Desktop\avirarkd.exe [2010/05/18 17:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/05/13 09:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\MP3 Player Load [2010/04/25 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\GlarySoft [2010/04/25 14:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities [2010/04/25 14:16:11 | 008,088,472 | ---- | C] (Glarysoft Ltd ) -- C:\gusetup.exe [2010/04/25 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TuneUp Software [2010/04/25 10:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010/04/25 10:19:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/04/25 09:34:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\SYSTIM32 [2010/04/25 09:31:12 | 000,000,000 | -HSD | C] -- C:\SYSTIM32 [2010/04/21 11:13:42 | 001,242,112 | ---- | C] (Chestysoft) -- C:\WINDOWS\System32\csXImage.ocx [2010/04/21 11:13:42 | 000,402,848 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\btn32a20.ocx [2010/04/21 11:13:42 | 000,266,240 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZTiff.dll [2010/04/21 11:13:42 | 000,225,280 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Btn32d20.dll [2010/04/21 11:13:42 | 000,204,800 | ---- | C] (SaifSoft) -- C:\WINDOWS\System32\ColorBox.ocx [2010/04/21 11:13:42 | 000,180,224 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\Eztwain3.dll [2010/04/21 11:13:42 | 000,151,552 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPng.dll [2010/04/21 11:13:42 | 000,118,784 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZGif.dll [2010/04/21 11:13:42 | 000,106,496 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZJpeg.dll [2010/04/21 11:13:42 | 000,049,152 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPdf.dll [2010/04/21 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVDCoverPrint [2010/04/21 11:13:41 | 000,238,080 | ---- | C] (Pegasus Software LLC) -- C:\WINDOWS\System32\fximg50g.ocx [2010/04/21 11:13:41 | 000,178,688 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\fxlbl50g.ocx [2010/04/21 11:13:40 | 000,307,200 | ---- | C] (Polar sales@polarsoftware.com www.polarsoftware.com) -- C:\WINDOWS\System32\PolarZIPLight.dll [2010/04/21 11:13:40 | 000,122,880 | ---- | C] (ImageFX) -- C:\WINDOWS\System32\fxtls532.dll [2010/04/21 11:13:40 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX [2004/11/25 04:55:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/18 18:26:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/18 18:25:20 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/05/18 18:25:11 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2010/05/18 18:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/18 18:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/18 18:15:41 | 000,000,807 | ---- | M] () -- C:\WINDOWS\MYOBP.INI [2010/05/18 18:15:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI [2010/05/18 18:14:30 | 000,000,331 | -HS- | M] () -- C:\regs.sys [2010/05/18 18:03:51 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT [2010/05/18 18:03:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini [2010/05/18 17:55:34 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2010/05/18 17:46:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/05/18 17:44:31 | 000,000,743 | ---- | M] () -- C:\WINDOWS\win.ini [2010/05/18 17:15:07 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk [2010/05/18 16:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/05/18 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/05/18 04:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/05/17 22:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/05/16 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/05/12 09:52:29 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/05/12 09:27:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TEMP.001 [2010/05/10 16:28:24 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Centrepay Report.xls [2010/05/07 13:20:52 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc [2010/05/07 06:29:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010/05/07 06:29:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010/05/07 06:09:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010/05/07 06:09:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010/05/07 06:04:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010/05/07 06:03:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010/05/07 06:03:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010/05/07 06:03:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010/05/07 06:03:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/26 14:07:52 | 000,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/26 14:07:52 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/26 14:07:52 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/25 14:17:08 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk [2010/04/25 14:16:12 | 008,088,472 | ---- | M] (Glarysoft Ltd ) -- C:\gusetup.exe [2010/04/25 10:53:17 | 004,718,592 | ---- | M] () -- C:\WINDOWS\TEMP.000 [2010/04/21 11:15:04 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk [979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/18 18:14:30 | 006,883,584 | ---- | C] () -- C:\WINDOWS\System32\SYSTIM32.EXE [2010/05/18 17:55:34 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2010/05/18 17:19:00 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.004 [2010/05/18 17:14:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk [2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.003 [2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\LASTGOOD.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WINSXS.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WBEM.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.002 [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SXSCAP~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SUN.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SRCHASST.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SOFTWA~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SHELLNEW.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SERVIC~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SECURITY.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\RESOUR~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REPAIR.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~2.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PSS.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROVIS~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROFILES.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PREFETCH.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PEERNET.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PCHEALTH.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\NETWOR~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MUI.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAPPS.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAGENT.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MINIDUMP.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MICROS~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MEDIA.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\L2SCHE~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\JAVA.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IME.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE8UPD~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE7UPD~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\HELP.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\EHOME.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DRIVER~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DOWNLO~2.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DEBUG.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CURSORS.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CRYSTAL.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONNEC~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONFIG.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CACHE.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\BDOSCAN8.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\APPPATCH.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\ADDINS.EXE [2010/05/10 10:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEMP.001 [2010/05/07 13:20:51 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc [2010/04/25 14:17:15 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2010/04/25 14:17:08 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk [2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\WINDOWS.EXE [2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\DESKTOP.EXE [2010/04/25 09:31:10 | 004,718,592 | ---- | C] () -- C:\WINDOWS\TEMP.000 [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\SPOOLE~1.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\RETAILM.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBODBC.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBOD~1.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOB18.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\DOCUME~1.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\ATI.EXE [2010/04/24 09:17:59 | 000,000,331 | -HS- | C] () -- C:\regs.sys [2010/04/21 11:15:04 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk [2010/04/21 11:13:41 | 000,059,014 | ---- | C] () -- C:\WINDOWS\System32\picn1820.ssm [2010/04/21 11:13:41 | 000,047,163 | ---- | C] () -- C:\WINDOWS\System32\picn1320.ssm [2010/04/21 11:13:41 | 000,016,064 | ---- | C] () -- C:\WINDOWS\System32\picn8220.ssm [2010/04/21 11:13:39 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2010/03/08 09:32:20 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010/03/08 09:32:18 | 001,317,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys [2009/11/07 12:19:55 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/05/06 08:39:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll [2009/05/01 16:03:48 | 000,009,961 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/01/05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/12/20 00:45:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/18 03:11:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/18 02:52:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/18 02:52:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/18 02:47:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/18 02:29:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/12/11 20:57:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/08/30 12:15:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2007/10/02 15:11:22 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini [2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2007/05/10 11:09:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLeNL.DLL [2007/03/13 16:29:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/06/23 15:00:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll [2004/10/17 09:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI [2004/10/17 09:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini [2004/10/17 09:16:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI [2004/10/10 14:16:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\MYOBPOpt.INI [2004/10/10 13:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/10/10 13:08:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll [2004/10/10 12:52:25 | 000,000,807 | ---- | C] () -- C:\WINDOWS\MYOBP.INI [2004/10/10 12:52:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini [2004/10/10 12:52:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI [2004/10/10 12:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI [2004/10/10 12:49:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI [2004/10/10 12:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI [2004/10/08 06:53:12 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2004/10/04 03:20:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2000/01/31 07:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997/11/14 10:53:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [1996/02/22 10:53:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll [1996/01/15 10:53:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll [1995/09/25 10:53:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv [1994/04/07 10:53:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini < End of report > HIGHJACK THIS Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:43:39 PM, on 18/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\CNAB3RPK.EXE C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Kalender\Kalender.exe C:\Documents and Settings\User\My Documents\Downloads\OTL.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\User\My Documents\Downloads\windows-kb890830-v3.7.exe c:\70ff4e5438fec949a2\mrtstub.exe C:\WINDOWS\system32\MRT.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703 O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- End of file - 8572 bytes Hop somebody can help, i need the computer, otherwise my tills are not working. Horror on a busy day. Cheers Seb

Hi guys! I hope you can help me here! I am Sebastian! I have 3 Shop computers, 2 tills & an office! All 3 have malwarebytes licenses! But i can't remove the trojan agent! I am running Windows XP SP3 and i can't see my folders. All folders seems too be EXE Files! I need the programs in the network for bookkeeping and stuff, but can't find them. If i want to change the folder options or search a file, the windows are closing immediatly. Hope somebody can help me! Here is a logfile from Malware, Highjack and OTL Malware Logfile Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4099 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 18/05/2010 8:50:51 PM mbam-log-2010-05-18 (20-50-51).txt Scan type: Full scan (C:\|) Objects scanned: 198881 Time elapsed: 1 hour(s), 11 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\SYSTIM32.EXE (Trojan.Agent) -> No action taken OTL Log: OTL logfile created on: 18/05/2010 6:28:19 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\User\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 1,023.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 45.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 53.97 Gb Free Space | 72.42% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: REDGUMSERVER Current User Name: User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.) PRC - C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs) PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.) PRC - C:\WINDOWS\system32\CNAB3RPK.EXE (CANON INC.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) ========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.) DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys () DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "https://secure.centrelink.gov.au/TX/login?FirstTime=true&Locale=en_US" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 13:30:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:30:26 | 000,000,000 | ---D | M] [2009/11/07 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions [2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions [2009/11/07 15:35:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/20 10:49:24 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll O1 HOSTS File: ([2010/01/16 14:53:36 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 12872 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.8.183.1 192.189.54.17 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/10/08 06:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{a1e86cc9-d3ce-11de-811b-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fad719c9-c73a-11de-80f9-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/18 17:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira [2010/05/18 17:55:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010/05/18 17:55:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/05/18 17:55:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010/05/18 17:55:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2010/05/18 17:34:47 | 000,188,673 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\User\Desktop\avirarkd.exe [2010/05/18 17:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/05/13 09:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\MP3 Player Load [2010/04/25 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\GlarySoft [2010/04/25 14:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities [2010/04/25 14:16:11 | 008,088,472 | ---- | C] (Glarysoft Ltd ) -- C:\gusetup.exe [2010/04/25 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TuneUp Software [2010/04/25 10:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010/04/25 10:19:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/04/25 09:34:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\SYSTIM32 [2010/04/25 09:31:12 | 000,000,000 | -HSD | C] -- C:\SYSTIM32 [2010/04/21 11:13:42 | 001,242,112 | ---- | C] (Chestysoft) -- C:\WINDOWS\System32\csXImage.ocx [2010/04/21 11:13:42 | 000,402,848 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\btn32a20.ocx [2010/04/21 11:13:42 | 000,266,240 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZTiff.dll [2010/04/21 11:13:42 | 000,225,280 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Btn32d20.dll [2010/04/21 11:13:42 | 000,204,800 | ---- | C] (SaifSoft) -- C:\WINDOWS\System32\ColorBox.ocx [2010/04/21 11:13:42 | 000,180,224 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\Eztwain3.dll [2010/04/21 11:13:42 | 000,151,552 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPng.dll [2010/04/21 11:13:42 | 000,118,784 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZGif.dll [2010/04/21 11:13:42 | 000,106,496 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZJpeg.dll [2010/04/21 11:13:42 | 000,049,152 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPdf.dll [2010/04/21 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVDCoverPrint [2010/04/21 11:13:41 | 000,238,080 | ---- | C] (Pegasus Software LLC) -- C:\WINDOWS\System32\fximg50g.ocx [2010/04/21 11:13:41 | 000,178,688 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\fxlbl50g.ocx [2010/04/21 11:13:40 | 000,307,200 | ---- | C] (Polar sales@polarsoftware.com www.polarsoftware.com) -- C:\WINDOWS\System32\PolarZIPLight.dll [2010/04/21 11:13:40 | 000,122,880 | ---- | C] (ImageFX) -- C:\WINDOWS\System32\fxtls532.dll [2010/04/21 11:13:40 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX [2004/11/25 04:55:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/18 18:26:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/18 18:25:20 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/05/18 18:25:11 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2010/05/18 18:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/18 18:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/18 18:15:41 | 000,000,807 | ---- | M] () -- C:\WINDOWS\MYOBP.INI [2010/05/18 18:15:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI [2010/05/18 18:14:30 | 000,000,331 | -HS- | M] () -- C:\regs.sys [2010/05/18 18:03:51 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT [2010/05/18 18:03:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini [2010/05/18 17:55:34 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2010/05/18 17:46:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/05/18 17:44:31 | 000,000,743 | ---- | M] () -- C:\WINDOWS\win.ini [2010/05/18 17:15:07 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk [2010/05/18 16:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/05/18 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/05/18 04:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/05/17 22:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/05/16 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/05/12 09:52:29 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/05/12 09:27:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TEMP.001 [2010/05/10 16:28:24 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Centrepay Report.xls [2010/05/07 13:20:52 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc [2010/05/07 06:29:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010/05/07 06:29:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010/05/07 06:09:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010/05/07 06:09:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010/05/07 06:04:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010/05/07 06:03:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010/05/07 06:03:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010/05/07 06:03:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010/05/07 06:03:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/26 14:07:52 | 000,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/26 14:07:52 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/26 14:07:52 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/25 14:17:08 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk [2010/04/25 14:16:12 | 008,088,472 | ---- | M] (Glarysoft Ltd ) -- C:\gusetup.exe [2010/04/25 10:53:17 | 004,718,592 | ---- | M] () -- C:\WINDOWS\TEMP.000 [2010/04/21 11:15:04 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk [979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/18 18:14:30 | 006,883,584 | ---- | C] () -- C:\WINDOWS\System32\SYSTIM32.EXE [2010/05/18 17:55:34 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2010/05/18 17:19:00 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.004 [2010/05/18 17:14:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk [2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.003 [2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\LASTGOOD.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WINSXS.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WBEM.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.002 [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SXSCAP~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SUN.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SRCHASST.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SOFTWA~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SHELLNEW.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SERVIC~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SECURITY.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\RESOUR~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REPAIR.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~2.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PSS.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROVIS~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROFILES.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PREFETCH.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PEERNET.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PCHEALTH.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\NETWOR~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MUI.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAPPS.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAGENT.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MINIDUMP.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MICROS~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MEDIA.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\L2SCHE~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\JAVA.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IME.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE8UPD~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE7UPD~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\HELP.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\EHOME.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DRIVER~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DOWNLO~2.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DEBUG.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CURSORS.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CRYSTAL.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONNEC~1.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONFIG.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CACHE.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\BDOSCAN8.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\APPPATCH.EXE [2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\ADDINS.EXE [2010/05/10 10:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEMP.001 [2010/05/07 13:20:51 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc [2010/04/25 14:17:15 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2010/04/25 14:17:08 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk [2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\WINDOWS.EXE [2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\DESKTOP.EXE [2010/04/25 09:31:10 | 004,718,592 | ---- | C] () -- C:\WINDOWS\TEMP.000 [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\SPOOLE~1.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\RETAILM.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBODBC.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBOD~1.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOB18.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\DOCUME~1.EXE [2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\ATI.EXE [2010/04/24 09:17:59 | 000,000,331 | -HS- | C] () -- C:\regs.sys [2010/04/21 11:15:04 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk [2010/04/21 11:13:41 | 000,059,014 | ---- | C] () -- C:\WINDOWS\System32\picn1820.ssm [2010/04/21 11:13:41 | 000,047,163 | ---- | C] () -- C:\WINDOWS\System32\picn1320.ssm [2010/04/21 11:13:41 | 000,016,064 | ---- | C] () -- C:\WINDOWS\System32\picn8220.ssm [2010/04/21 11:13:39 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2010/03/08 09:32:20 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010/03/08 09:32:18 | 001,317,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys [2009/11/07 12:19:55 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/05/06 08:39:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll [2009/05/01 16:03:48 | 000,009,961 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/01/05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/12/20 00:45:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/18 03:11:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/18 02:52:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/18 02:52:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/18 02:47:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/18 02:29:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/12/11 20:57:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/08/30 12:15:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2007/10/02 15:11:22 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini [2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2007/05/10 11:09:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLeNL.DLL [2007/03/13 16:29:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/06/23 15:00:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll [2004/10/17 09:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI [2004/10/17 09:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini [2004/10/17 09:16:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI [2004/10/10 14:16:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\MYOBPOpt.INI [2004/10/10 13:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/10/10 13:08:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll [2004/10/10 12:52:25 | 000,000,807 | ---- | C] () -- C:\WINDOWS\MYOBP.INI [2004/10/10 12:52:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini [2004/10/10 12:52:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI [2004/10/10 12:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI [2004/10/10 12:49:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI [2004/10/10 12:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI [2004/10/08 06:53:12 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2004/10/04 03:20:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2000/01/31 07:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997/11/14 10:53:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [1996/02/22 10:53:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll [1996/01/15 10:53:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll [1995/09/25 10:53:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv [1994/04/07 10:53:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini < End of report > HIGHJACK THIS Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:43:39 PM, on 18/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\CNAB3RPK.EXE C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Kalender\Kalender.exe C:\Documents and Settings\User\My Documents\Downloads\OTL.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\User\My Documents\Downloads\windows-kb890830-v3.7.exe c:\70ff4e5438fec949a2\mrtstub.exe C:\WINDOWS\system32\MRT.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703 O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- End of file - 8572 bytes Hop somebody can help, i need the computer, otherwise my tills are not working. Horror on a busy day. Cheers Seb