Jump to content

trojan.Agent Systim32.EXE Folder Problem !


Recommended Posts

Hi guys!

I hope you can help me here! I am Sebastian! I have 3 Shop computers, 2 tills

& an office! All 3 have malwarebytes licenses! But i can't remove the trojan agent!

I am running Windows XP SP3 and i can't see my folders. All folders seems too be EXE Files!

I need the programs in the network for bookkeeping and stuff, but can't find them. If i want to change the folder options or search a file, the windows are closing immediatly.

Hope somebody can help me! Here is a logfile from Malware, Highjack and OTL

Malware Logfile

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4099

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

18/05/2010 8:50:51 PM

mbam-log-2010-05-18 (20-50-51).txt

Scan type: Full scan (C:\|)

Objects scanned: 198881

Time elapsed: 1 hour(s), 11 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\SYSTIM32.EXE (Trojan.Agent) -> No action taken

OTL Log:

OTL logfile created on: 18/05/2010 6:28:19 PM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\User\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 45.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 53.97 Gb Free Space | 72.42% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: REDGUMSERVER

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)

PRC - C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs)

PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)

PRC - C:\WINDOWS\system32\CNAB3RPK.EXE (CANON INC.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)

DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)

DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)

DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - prefs.js..browser.startup.homepage: "https://secure.centrelink.gov.au/TX/login?FirstTime=true&Locale=en_US"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 13:30:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:30:26 | 000,000,000 | ---D | M]

[2009/11/07 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions

[2009/11/07 15:35:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/20 10:49:24 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2010/01/16 14:53:36 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 12872 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs)

O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.8.183.1 192.189.54.17

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/10/08 06:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\Auto\command - "" = Start.exe

O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found

O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found

O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found

O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found

O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found

O33 - MountPoints2\{a1e86cc9-d3ce-11de-811b-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found

O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found

O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{fad719c9-c73a-11de-80f9-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/18 17:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira

[2010/05/18 17:55:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/05/18 17:55:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/05/18 17:55:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/05/18 17:55:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010/05/18 17:34:47 | 000,188,673 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\User\Desktop\avirarkd.exe

[2010/05/18 17:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/13 09:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\MP3 Player Load

[2010/04/25 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\GlarySoft

[2010/04/25 14:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities

[2010/04/25 14:16:11 | 008,088,472 | ---- | C] (Glarysoft Ltd ) -- C:\gusetup.exe

[2010/04/25 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TuneUp Software

[2010/04/25 10:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2010/04/25 10:19:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2010/04/25 09:34:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\SYSTIM32

[2010/04/25 09:31:12 | 000,000,000 | -HSD | C] -- C:\SYSTIM32

[2010/04/21 11:13:42 | 001,242,112 | ---- | C] (Chestysoft) -- C:\WINDOWS\System32\csXImage.ocx

[2010/04/21 11:13:42 | 000,402,848 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\btn32a20.ocx

[2010/04/21 11:13:42 | 000,266,240 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZTiff.dll

[2010/04/21 11:13:42 | 000,225,280 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Btn32d20.dll

[2010/04/21 11:13:42 | 000,204,800 | ---- | C] (SaifSoft) -- C:\WINDOWS\System32\ColorBox.ocx

[2010/04/21 11:13:42 | 000,180,224 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\Eztwain3.dll

[2010/04/21 11:13:42 | 000,151,552 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPng.dll

[2010/04/21 11:13:42 | 000,118,784 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZGif.dll

[2010/04/21 11:13:42 | 000,106,496 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZJpeg.dll

[2010/04/21 11:13:42 | 000,049,152 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPdf.dll

[2010/04/21 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVDCoverPrint

[2010/04/21 11:13:41 | 000,238,080 | ---- | C] (Pegasus Software LLC) -- C:\WINDOWS\System32\fximg50g.ocx

[2010/04/21 11:13:41 | 000,178,688 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\fxlbl50g.ocx

[2010/04/21 11:13:40 | 000,307,200 | ---- | C] (Polar sales@polarsoftware.com www.polarsoftware.com) -- C:\WINDOWS\System32\PolarZIPLight.dll

[2010/04/21 11:13:40 | 000,122,880 | ---- | C] (ImageFX) -- C:\WINDOWS\System32\fxtls532.dll

[2010/04/21 11:13:40 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX

[2004/11/25 04:55:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/18 18:26:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/18 18:25:20 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/05/18 18:25:11 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2010/05/18 18:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/18 18:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/18 18:15:41 | 000,000,807 | ---- | M] () -- C:\WINDOWS\MYOBP.INI

[2010/05/18 18:15:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI

[2010/05/18 18:14:30 | 000,000,331 | -HS- | M] () -- C:\regs.sys

[2010/05/18 18:03:51 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT

[2010/05/18 18:03:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini

[2010/05/18 17:55:34 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/05/18 17:46:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/18 17:44:31 | 000,000,743 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/18 17:15:07 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk

[2010/05/18 16:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010/05/18 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010/05/18 04:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010/05/17 22:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010/05/16 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/12 09:52:29 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/05/12 09:27:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TEMP.001

[2010/05/10 16:28:24 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Centrepay Report.xls

[2010/05/07 13:20:52 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc

[2010/05/07 06:29:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr

[2010/05/07 06:29:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/05/07 06:09:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/05/07 06:09:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/05/07 06:04:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/05/07 06:03:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/05/07 06:03:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/05/07 06:03:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/05/07 06:03:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/26 14:07:52 | 000,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/04/26 14:07:52 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/04/26 14:07:52 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/04/25 14:17:08 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk

[2010/04/25 14:16:12 | 008,088,472 | ---- | M] (Glarysoft Ltd ) -- C:\gusetup.exe

[2010/04/25 10:53:17 | 004,718,592 | ---- | M] () -- C:\WINDOWS\TEMP.000

[2010/04/21 11:15:04 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk

[979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 18:14:30 | 006,883,584 | ---- | C] () -- C:\WINDOWS\System32\SYSTIM32.EXE

[2010/05/18 17:55:34 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/05/18 17:19:00 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.004

[2010/05/18 17:14:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk

[2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.003

[2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\LASTGOOD.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WINSXS.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WBEM.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.002

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SXSCAP~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SUN.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SRCHASST.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SOFTWA~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SHELLNEW.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SERVIC~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SECURITY.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\RESOUR~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REPAIR.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~2.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PSS.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROVIS~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROFILES.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PREFETCH.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PEERNET.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PCHEALTH.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\NETWOR~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MUI.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAPPS.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAGENT.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MINIDUMP.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MICROS~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MEDIA.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\L2SCHE~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\JAVA.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IME.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE8UPD~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE7UPD~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\HELP.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\EHOME.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DRIVER~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DOWNLO~2.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DEBUG.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CURSORS.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CRYSTAL.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONNEC~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONFIG.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CACHE.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\BDOSCAN8.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\APPPATCH.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\ADDINS.EXE

[2010/05/10 10:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEMP.001

[2010/05/07 13:20:51 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc

[2010/04/25 14:17:15 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2010/04/25 14:17:08 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk

[2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\WINDOWS.EXE

[2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\DESKTOP.EXE

[2010/04/25 09:31:10 | 004,718,592 | ---- | C] () -- C:\WINDOWS\TEMP.000

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\SPOOLE~1.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\RETAILM.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBODBC.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBOD~1.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOB18.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\DOCUME~1.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\ATI.EXE

[2010/04/24 09:17:59 | 000,000,331 | -HS- | C] () -- C:\regs.sys

[2010/04/21 11:15:04 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk

[2010/04/21 11:13:41 | 000,059,014 | ---- | C] () -- C:\WINDOWS\System32\picn1820.ssm

[2010/04/21 11:13:41 | 000,047,163 | ---- | C] () -- C:\WINDOWS\System32\picn1320.ssm

[2010/04/21 11:13:41 | 000,016,064 | ---- | C] () -- C:\WINDOWS\System32\picn8220.ssm

[2010/04/21 11:13:39 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE

[2010/03/08 09:32:20 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/03/08 09:32:18 | 001,317,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys

[2009/11/07 12:19:55 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/05/06 08:39:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll

[2009/05/01 16:03:48 | 000,009,961 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/01/05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/12/20 00:45:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008/12/18 03:11:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2008/12/18 02:52:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2008/12/18 02:52:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008/12/18 02:47:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2008/12/18 02:29:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2008/12/11 20:57:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008/08/30 12:15:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll

[2007/10/02 15:11:22 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini

[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2007/05/10 11:09:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLeNL.DLL

[2007/03/13 16:29:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/06/23 15:00:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll

[2004/10/17 09:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI

[2004/10/17 09:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini

[2004/10/17 09:16:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI

[2004/10/10 14:16:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\MYOBPOpt.INI

[2004/10/10 13:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/10/10 13:08:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

[2004/10/10 12:52:25 | 000,000,807 | ---- | C] () -- C:\WINDOWS\MYOBP.INI

[2004/10/10 12:52:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini

[2004/10/10 12:52:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI

[2004/10/10 12:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI

[2004/10/10 12:49:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI

[2004/10/10 12:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI

[2004/10/08 06:53:12 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2004/10/04 03:20:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2000/01/31 07:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/11/14 10:53:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll

[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[1996/02/22 10:53:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll

[1996/01/15 10:53:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll

[1995/09/25 10:53:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv

[1994/04/07 10:53:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

< End of report >

HIGHJACK THIS

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:43:39 PM, on 18/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\CNAB3RPK.EXE

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Kalender\Kalender.exe

C:\Documents and Settings\User\My Documents\Downloads\OTL.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\User\My Documents\Downloads\windows-kb890830-v3.7.exe

c:\70ff4e5438fec949a2\mrtstub.exe

C:\WINDOWS\system32\MRT.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--

End of file - 8572 bytes

Hop somebody can help, i need the computer, otherwise my tills are not working. Horror on a busy day.

Cheers

Seb

Link to post
Share on other sites

Hello Down_under

Welcome to Malwarebytes.

=====================

Please remove one virus protection or the other Avira or Avast you cannot have 2 running at once.

One of your flash drives is infected please plug it in before doing this scan:

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from
here and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

=============

Please click here to download VRT by Kaspersky.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
  10. This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.