
Can't remove Trojan.Agent Systim32.exe !


Down_under


Hi guys!

I hope you can help me here! I am Sebastian! I have 3 shop computers, 2 tills & an office! All 3 have Malwarebytes licenses! But I can't remove the Trojan agent!

I am running Windows XP SP3 and I can't see my folders. All folders seem to be EXE files!

I need the programs in the network for bookkeeping and stuff, but can't find them. If I want to change the folder options or search for a file, the windows close immediately.

Hope somebody can help me! Here is a logfile from Malware, Hijack and OTL.

Malware Logfile

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4099

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

18/05/2010 8:50:51 PM

mbam-log-2010-05-18 (20-50-51).txt

Scan type: Full scan (C:\|)

Objects scanned: 198881

Time elapsed: 1 hour(s), 11 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\SYSTIM32.EXE (Trojan.Agent) -> No action taken

OTL Log:

OTL logfile created on: 18/05/2010 6:28:19 PM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\User\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 45.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 53.97 Gb Free Space | 72.42% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: REDGUMSERVER

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)

PRC - C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs)

PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)

PRC - C:\WINDOWS\system32\CNAB3RPK.EXE (CANON INC.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)

DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)

DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)

DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - prefs.js..browser.startup.homepage: "https://secure.centrelink.gov.au/TX/login?FirstTime=true&Locale=en_US"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 13:30:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:30:26 | 000,000,000 | ---D | M]

[2009/11/07 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions

[2009/11/07 15:35:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/20 10:49:24 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2010/01/16 14:53:36 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 12872 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs)

O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.8.183.1 192.189.54.17

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/10/08 06:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\Auto\command - "" = Start.exe

O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found

O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found

O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found

O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found

O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found

O33 - MountPoints2\{a1e86cc9-d3ce-11de-811b-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found

O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found

O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{fad719c9-c73a-11de-80f9-00110960935b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell - "" = AutoRun

O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/18 17:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira

[2010/05/18 17:55:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/05/18 17:55:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/05/18 17:55:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/05/18 17:55:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010/05/18 17:34:47 | 000,188,673 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\User\Desktop\avirarkd.exe

[2010/05/18 17:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/13 09:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\MP3 Player Load

[2010/04/25 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\GlarySoft

[2010/04/25 14:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities

[2010/04/25 14:16:11 | 008,088,472 | ---- | C] (Glarysoft Ltd ) -- C:\gusetup.exe

[2010/04/25 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TuneUp Software

[2010/04/25 10:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2010/04/25 10:19:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2010/04/25 09:34:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\SYSTIM32

[2010/04/25 09:31:12 | 000,000,000 | -HSD | C] -- C:\SYSTIM32

[2010/04/21 11:13:42 | 001,242,112 | ---- | C] (Chestysoft) -- C:\WINDOWS\System32\csXImage.ocx

[2010/04/21 11:13:42 | 000,402,848 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\btn32a20.ocx

[2010/04/21 11:13:42 | 000,266,240 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZTiff.dll

[2010/04/21 11:13:42 | 000,225,280 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Btn32d20.dll

[2010/04/21 11:13:42 | 000,204,800 | ---- | C] (SaifSoft) -- C:\WINDOWS\System32\ColorBox.ocx

[2010/04/21 11:13:42 | 000,180,224 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\Eztwain3.dll

[2010/04/21 11:13:42 | 000,151,552 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPng.dll

[2010/04/21 11:13:42 | 000,118,784 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZGif.dll

[2010/04/21 11:13:42 | 000,106,496 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZJpeg.dll

[2010/04/21 11:13:42 | 000,049,152 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPdf.dll

[2010/04/21 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVDCoverPrint

[2010/04/21 11:13:41 | 000,238,080 | ---- | C] (Pegasus Software LLC) -- C:\WINDOWS\System32\fximg50g.ocx

[2010/04/21 11:13:41 | 000,178,688 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\fxlbl50g.ocx

[2010/04/21 11:13:40 | 000,307,200 | ---- | C] (Polar sales@polarsoftware.com www.polarsoftware.com) -- C:\WINDOWS\System32\PolarZIPLight.dll

[2010/04/21 11:13:40 | 000,122,880 | ---- | C] (ImageFX) -- C:\WINDOWS\System32\fxtls532.dll

[2010/04/21 11:13:40 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX

[2004/11/25 04:55:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/18 18:26:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/18 18:25:20 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/05/18 18:25:11 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2010/05/18 18:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/18 18:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/18 18:15:41 | 000,000,807 | ---- | M] () -- C:\WINDOWS\MYOBP.INI

[2010/05/18 18:15:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI

[2010/05/18 18:14:30 | 000,000,331 | -HS- | M] () -- C:\regs.sys

[2010/05/18 18:03:51 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT

[2010/05/18 18:03:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini

[2010/05/18 17:55:34 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/05/18 17:46:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/18 17:44:31 | 000,000,743 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/18 17:15:07 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk

[2010/05/18 16:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010/05/18 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010/05/18 04:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010/05/17 22:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010/05/16 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/12 09:52:29 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/05/12 09:27:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TEMP.001

[2010/05/10 16:28:24 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Centrepay Report.xls

[2010/05/07 13:20:52 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc

[2010/05/07 06:29:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr

[2010/05/07 06:29:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/05/07 06:09:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/05/07 06:09:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/05/07 06:04:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/05/07 06:03:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/05/07 06:03:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/05/07 06:03:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/05/07 06:03:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/26 14:07:52 | 000,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/04/26 14:07:52 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/04/26 14:07:52 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/04/25 14:17:08 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk

[2010/04/25 14:16:12 | 008,088,472 | ---- | M] (Glarysoft Ltd ) -- C:\gusetup.exe

[2010/04/25 10:53:17 | 004,718,592 | ---- | M] () -- C:\WINDOWS\TEMP.000

[2010/04/21 11:15:04 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk

[979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 18:14:30 | 006,883,584 | ---- | C] () -- C:\WINDOWS\System32\SYSTIM32.EXE

[2010/05/18 17:55:34 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/05/18 17:19:00 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.004

[2010/05/18 17:14:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk

[2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.003

[2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\LASTGOOD.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WINSXS.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WBEM.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.002

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SXSCAP~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SUN.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SRCHASST.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SOFTWA~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SHELLNEW.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SERVIC~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SECURITY.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\RESOUR~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REPAIR.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~2.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PSS.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROVIS~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROFILES.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PREFETCH.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PEERNET.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PCHEALTH.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\NETWOR~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MUI.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAPPS.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAGENT.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MINIDUMP.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MICROS~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MEDIA.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\L2SCHE~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\JAVA.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IME.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE8UPD~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE7UPD~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\HELP.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\EHOME.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DRIVER~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DOWNLO~2.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DEBUG.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CURSORS.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CRYSTAL.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONNEC~1.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONFIG.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CACHE.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\BDOSCAN8.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\APPPATCH.EXE

[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\ADDINS.EXE

[2010/05/10 10:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEMP.001

[2010/05/07 13:20:51 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc

[2010/04/25 14:17:15 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2010/04/25 14:17:08 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk

[2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\WINDOWS.EXE

[2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\DESKTOP.EXE

[2010/04/25 09:31:10 | 004,718,592 | ---- | C] () -- C:\WINDOWS\TEMP.000

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\SPOOLE~1.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\RETAILM.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBODBC.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBOD~1.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOB18.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\DOCUME~1.EXE

[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\ATI.EXE

[2010/04/24 09:17:59 | 000,000,331 | -HS- | C] () -- C:\regs.sys

[2010/04/21 11:15:04 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk

[2010/04/21 11:13:41 | 000,059,014 | ---- | C] () -- C:\WINDOWS\System32\picn1820.ssm

[2010/04/21 11:13:41 | 000,047,163 | ---- | C] () -- C:\WINDOWS\System32\picn1320.ssm

[2010/04/21 11:13:41 | 000,016,064 | ---- | C] () -- C:\WINDOWS\System32\picn8220.ssm

[2010/04/21 11:13:39 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE

[2010/03/08 09:32:20 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/03/08 09:32:18 | 001,317,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys

[2009/11/07 12:19:55 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/05/06 08:39:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll

[2009/05/01 16:03:48 | 000,009,961 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/01/05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/12/20 00:45:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008/12/18 03:11:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2008/12/18 02:52:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2008/12/18 02:52:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008/12/18 02:47:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2008/12/18 02:29:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2008/12/11 20:57:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008/08/30 12:15:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll

[2007/10/02 15:11:22 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini

[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2007/05/10 11:09:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLeNL.DLL

[2007/03/13 16:29:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/06/23 15:00:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll

[2004/10/17 09:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI

[2004/10/17 09:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini

[2004/10/17 09:16:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI

[2004/10/10 14:16:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\MYOBPOpt.INI

[2004/10/10 13:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/10/10 13:08:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

[2004/10/10 12:52:25 | 000,000,807 | ---- | C] () -- C:\WINDOWS\MYOBP.INI

[2004/10/10 12:52:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini

[2004/10/10 12:52:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI

[2004/10/10 12:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI

[2004/10/10 12:49:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI

[2004/10/10 12:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI

[2004/10/08 06:53:12 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2004/10/04 03:20:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2000/01/31 07:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/11/14 10:53:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll

[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[1996/02/22 10:53:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll

[1996/01/15 10:53:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll

[1995/09/25 10:53:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv

[1994/04/07 10:53:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

< End of report >

HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:43:39 PM, on 18/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\CNAB3RPK.EXE

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Kalender\Kalender.exe

C:\Documents and Settings\User\My Documents\Downloads\OTL.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\User\My Documents\Downloads\windows-kb890830-v3.7.exe

c:\70ff4e5438fec949a2\mrtstub.exe

C:\WINDOWS\system32\MRT.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--

End of file - 8572 bytes

Hope somebody can help, I need the computer, otherwise my tills are not working. Horror on a busy day.

Cheers

Seb
