DDS won't run


I've been trying for a couple days to get rid of a Firefox (internet) redirect. Malwarebytes Anti-Malware shows a trojan and tells me it's been removed, but it still redirects. I've tried the "7-step Viruses/Spyware/Malware Preliminary Removal Instructions" but when I got to the DDS section, it wouldn't run. (I've run MBam, GMER, TDSSKiller and ESET and have all the logs.) I'm not sure what to do next. Please help?


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7285

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/31/2011 1:37:23 AM

mbam-log-2011-07-31 (01-37-23).txt

Scan type: Quick scan

Objects scanned: 210229

Time elapsed: 37 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\ativtmxx32.dll (IPH.GenericBHO) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{0C89E4BE-06B9-4369-B25F-37F307837AA9} (IPH.GenericBHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C89E4BE-06B9-4369-B25F-37F307837AA9} (IPH.GenericBHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C89E4BE-06B9-4369-B25F-37F307837AA9} (IPH.GenericBHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C89E4BE-06B9-4369-B25F-37F307837AA9} (IPH.GenericBHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\ativtmxx32.dll (IPH.GenericBHO) -> Delete on reboot.

___________________________________________________________________________

OTL logfile created on: 7/31/2011 2:21:42 AM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Anastasia\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 240.48 Mb Available Physical Memory | 23.52% Memory free

2.40 Gb Paging File | 1.07 Gb Available in Paging File | 44.56% Paging File free

Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 31.16 Gb Total Space | 5.17 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Drive E: | 298.02 Gb Total Space | 9.28 Gb Free Space | 3.12% Space Free | Partition Type: FAT32

Computer Name: ANASTASI-2371DA | User Name: Anastasia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/31 00:51:22 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2011/07/29 23:16:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anastasia\Desktop\OTL.exe

PRC - [2011/07/25 22:57:48 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2011/07/08 01:37:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/01/12 22:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe

PRC - [2010/07/12 08:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1283925294\ee\aolsoftware.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/03/17 21:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2007/05/21 04:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

PRC - [2005/02/23 15:57:24 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe

PRC - [2002/08/01 14:43:54 | 000,126,976 | R--- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

========== Modules (SafeList) ==========

MOD - [2011/07/29 23:16:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anastasia\Desktop\OTL.exe

MOD - [2011/07/25 22:59:25 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll

MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll

MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2002/08/01 14:43:38 | 000,065,536 | R--- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (dmserver32)

SRV - [2011/07/19 15:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/10/13 00:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2006/08/07 11:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)

DRV - [2006/05/23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2005/12/08 03:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2005/12/08 03:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

DRV - [2001/08/17 13:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmdm.sys -- (BCMModem)

DRV - [2001/08/17 12:48:40 | 000,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)

DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ageofintrigue.com/board/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT2856459

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BE E4 89 0C B9 06 69 43 B2 5F 37 F3 07 83 7A A9 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ageofintrigue.com/board/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5

FF - prefs.js..extensions.enabledItems: {fcec01d9-8437-4e40-98b8-108d7a49de4a}:1.0

FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4

FF - prefs.js..extensions.enabledItems: {83dcf4d3-a8cc-4308-9373-ed1013d5a522}:1.0

FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/05 19:29:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/25 22:59:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/25 22:58:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 23:01:31 | 000,000,000 | ---D | M]

[2011/07/25 18:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anastasia\Application Data\Mozilla\Extensions

[2011/07/30 22:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions

[2011/07/25 22:40:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/07/31 00:54:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{83dcf4d3-a8cc-4308-9373-ed1013d5a522}

[2011/07/26 02:47:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{fcec01d9-8437-4e40-98b8-108d7a49de4a}

[2011/07/26 15:34:35 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}

[2011/07/25 18:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/07/25 22:59:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2011/07/05 19:29:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2010/09/08 23:28:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [CTSVolFE.exe] C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1283925294\ee\aolsoftware.exe (AOL Inc.)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NAV] C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\16.0.0.125\InstStub.exe (Symantec Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283922185625 (MUWebControl Class)

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Anastasia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anastasia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/04/05 08:44:20 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]

O33 - MountPoints2\{4fa77f92-fb47-11df-b55a-0015c5168beb}\Shell - "" = AutoRun

O33 - MountPoints2\{4fa77f92-fb47-11df-b55a-0015c5168beb}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4fa77f92-fb47-11df-b55a-0015c5168beb}\Shell\AutoRun\command - "" = F:\.Bin\launcher.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 00:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\System Mechanic

[2011/07/30 00:41:20 | 002,083,464 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll

[2011/07/30 00:40:20 | 000,029,696 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe

[2011/07/30 00:40:20 | 000,011,776 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe

[2011/07/30 00:40:14 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\offreg.dll

[2011/07/30 00:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\iolo

[2011/07/29 23:16:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anastasia\Desktop\OTL.exe

[2011/07/27 21:12:06 | 128,605,576 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Anastasia\Desktop\Norman_Malware_Cleaner.exe

[2011/07/25 22:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2011/07/25 21:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight

[2011/07/25 21:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2011/07/25 18:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2011/07/25 18:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox

[2011/07/25 17:52:36 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\bcmdm.sys

[2011/07/25 17:52:36 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys

[2011/07/25 02:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/13 03:10:33 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/13 03:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/13 03:10:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/13 03:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2004/07/09 05:08:36 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxsetup.exe

[2004/07/09 05:08:34 | 002,242,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll

[2004/07/09 04:03:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Anastasia\*.tmp files -> C:\Documents and Settings\Anastasia\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/31 01:43:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-920026266-725345543-1003.job

[2011/07/31 01:41:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/31 01:40:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2011/07/31 00:58:38 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-920026266-725345543-1003.job

[2011/07/30 23:27:55 | 000,000,269 | ---- | M] () -- C:\WINDOWS\SysMech.INI

[2011/07/30 21:55:43 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\1376642773

[2011/07/30 21:34:10 | 000,004,279 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\deadlands research.rtf

[2011/07/30 16:17:32 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{880F263E-3F32-407E-B247-19092130FEB0}.job

[2011/07/30 15:53:02 | 000,000,386 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg

[2011/07/30 04:26:16 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\Virus & RDR help.rtf

[2011/07/30 00:41:42 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\System Mechanic.lnk

[2011/07/29 23:16:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anastasia\Desktop\OTL.exe

[2011/07/29 03:27:10 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/28 03:44:26 | 000,003,925 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\research4.rtf

[2011/07/28 03:44:17 | 000,003,802 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\research3.rtf

[2011/07/28 03:44:06 | 000,013,061 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\research2.rtf

[2011/07/28 03:43:40 | 000,031,704 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\research.rtf

[2011/07/27 21:15:19 | 128,605,576 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Anastasia\Desktop\Norman_Malware_Cleaner.exe

[2011/07/27 19:19:53 | 000,314,951 | ---- | M] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\census.cache

[2011/07/27 19:16:21 | 000,234,789 | ---- | M] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\ars.cache

[2011/07/25 22:58:46 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2011/07/25 22:58:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2011/07/25 22:58:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2011/07/25 22:57:54 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2011/07/25 20:32:28 | 000,504,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/25 20:32:28 | 000,088,140 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/25 18:27:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Anastasia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/25 18:27:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk

[2011/07/24 14:47:16 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/23 06:58:20 | 000,174,001 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\Promissory.pdf

[2011/07/20 02:33:53 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\PLUS loan.bmp

[2011/07/19 20:36:42 | 001,241,477 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\Russell-ebook.pdf

[2011/07/19 16:25:32 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe

[2011/07/19 16:25:22 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe

[2011/07/19 15:42:44 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll

[2011/07/13 21:47:42 | 000,035,590 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\Cat Restaurant

[2011/07/13 15:07:32 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2011/07/13 03:30:06 | 000,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/07/11 16:42:15 | 000,003,385 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\errata.rtf

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/05 19:29:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/07/05 13:51:48 | 000,007,617 | ---- | M] () -- C:\Documents and Settings\Anastasia\Application Data\8F36.79D

[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011/07/03 23:59:35 | 000,004,271 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\Deadlands character.rtf

[2011/07/01 15:20:47 | 000,012,125 | ---- | M] () -- C:\Documents and Settings\Anastasia\Desktop\tvtropes

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Anastasia\*.tmp files -> C:\Documents and Settings\Anastasia\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 23:27:55 | 000,000,269 | ---- | C] () -- C:\WINDOWS\SysMech.INI

[2011/07/30 04:26:10 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\Virus & RDR help.rtf

[2011/07/30 00:41:42 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\System Mechanic.lnk

[2011/07/29 16:47:40 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-920026266-725345543-1003.job

[2011/07/28 03:44:35 | 000,004,279 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\deadlands research.rtf

[2011/07/28 03:44:26 | 000,003,925 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\research4.rtf

[2011/07/28 03:44:17 | 000,003,802 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\research3.rtf

[2011/07/28 03:44:06 | 000,013,061 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\research2.rtf

[2011/07/28 03:43:39 | 000,031,704 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\research.rtf

[2011/07/27 19:19:53 | 000,314,951 | ---- | C] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\census.cache

[2011/07/27 19:16:21 | 000,234,789 | ---- | C] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\ars.cache

[2011/07/25 18:27:13 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Anastasia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/25 18:27:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk

[2011/07/23 06:58:20 | 000,174,001 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\Promissory.pdf

[2011/07/20 02:33:52 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\PLUS loan.bmp

[2011/07/19 20:36:42 | 001,241,477 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\Russell-ebook.pdf

[2011/07/13 21:47:41 | 000,035,590 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\Cat Restaurant

[2011/07/12 17:11:14 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\1376642773

[2011/07/11 16:42:15 | 000,003,385 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\errata.rtf

[2011/07/05 02:15:03 | 000,007,617 | ---- | C] () -- C:\Documents and Settings\Anastasia\Application Data\8F36.79D

[2011/07/03 23:59:35 | 000,004,271 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\Deadlands character.rtf

[2011/07/01 15:20:45 | 000,012,125 | ---- | C] () -- C:\Documents and Settings\Anastasia\Desktop\tvtropes

[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2010/11/30 02:13:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat

[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2010/11/10 03:45:30 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2010/11/10 03:45:20 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2010/10/20 20:54:25 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/10/04 06:51:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2010/09/25 22:44:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/09/16 21:11:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2010/09/16 18:56:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010/09/16 14:46:08 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\fusioncache.dat

[2010/09/16 14:19:45 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/09/11 15:39:09 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/09/09 21:48:09 | 000,000,821 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/09/09 02:12:10 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Retrieve10.INI

[2010/09/08 10:57:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2010/09/08 02:18:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/09/08 01:48:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/08 00:29:29 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini

[2010/09/07 23:09:49 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2010/09/07 17:00:52 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[2010/09/07 14:40:38 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2010/09/07 12:12:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/09/07 12:01:29 | 000,034,284 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/09/07 07:37:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/09/07 07:36:09 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2010/03/10 02:25:41 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\housecall.guid.cache

[2010/02/13 23:27:31 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Anastasia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/13 14:56:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2010/02/13 14:56:28 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2010/02/13 14:56:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2010/02/13 10:06:22 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/10 07:00:00 | 000,504,580 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/10 07:00:00 | 000,088,140 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/10 00:11:42 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/07/22 11:51:34 | 003,432,656 | ---- | C] () -- C:\Program Files\ManagedDX.CAB

[2004/07/19 23:58:36 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab

[2004/07/19 23:53:26 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab

[2004/07/09 15:17:16 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab

[2004/07/09 10:13:48 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab

[2004/07/09 10:13:46 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab

[2001/12/27 06:38:04 | 000,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C76CFF82

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:63238B95

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8

< End of report >

___________________________________

OTL Extras logfile created on: 7/31/2011 2:21:42 AM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Anastasia\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 240.48 Mb Available Physical Memory | 23.52% Memory free

2.40 Gb Paging File | 1.07 Gb Available in Paging File | 44.56% Paging File free

Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 31.16 Gb Total Space | 5.17 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Drive E: | 298.02 Gb Total Space | 9.28 Gb Free Space | 3.12% Space Free | Partition Type: FAT32

Computer Name: ANASTASI-2371DA | User Name: Anastasia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.reg [@ = regfile] -- Reg Error: Key error. File not found

.scr [@ = scrfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [edit] -- Reg Error: Key error.

regfile [open] -- Reg Error: Key error.

regfile [merge] -- Reg Error: Key error.

regfile [print] -- Reg Error: Key error.

scrfile [config] -- Reg Error: Key error.

scrfile [install] -- Reg Error: Key error.

scrfile [open] -- Reg Error: Key error.

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"56174:TCP" = 56174:TCP:*:Enabled:Pando Media Booster

"56174:UDP" = 56174:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"56174:TCP" = 56174:TCP:*:Enabled:Pando Media Booster

"56174:UDP" = 56174:UDP:*:Enabled:Pando Media Booster

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)

"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)

"C:\Program Files\Common Files\aol\1283925294\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1283925294\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)

"C:\Program Files\AOL 9.5a\waol.exe" = C:\Program Files\AOL 9.5a\waol.exe:*:Enabled:AOL

"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)

"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)

"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL -- (AOL Inc.)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\mcoinstall.exe" = C:\mcoinstall.exe:*:Enabled:mcoinstall

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"E:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = E:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient

"E:\Program Files\BitTorrent\BitTorrent.exe" = E:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Documents and Settings\Anastasia\Local Settings\Temp\7zS6A.tmp\SymNRT.exe" = C:\Documents and Settings\Anastasia\Local Settings\Temp\7zS6A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool

"E:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = E:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)

"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{102E305B-EB44-45B3-9D91-53443B88E5DD}" = BudgetSmart 2.0

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}" = Roleplaying City Map Generator 5.40

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader

"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate II - Throne of Bhaal

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

"AD&D Core Rules 2.0 Expansion" = Advanced Dungeons & Dragons Core Rules 2.0 Expansion

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"avast" = avast! Free Antivirus

"Baldur's Gate" = Baldur's Gate

"BitTorrent" = BitTorrent

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"Campaign Mapper" = Campaign Mapper

"Canon MP620 series User Registration" = Canon MP620 series User Registration

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo

"Digital Editions" = Adobe Digital Editions

"DivX Setup.divx.com" = DivX Setup

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"ESET Online Scanner" = ESET Online Scanner v3

"EZ Vinyl Converter by MixMeister_is1" = EZ Vinyl Converter 2.0.0 by MixMeister

"ffdshow_is1" = ffdshow

"ie8" = Windows Internet Explorer 8

"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania

"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters

"Logitech Vid" = Logitech Vid HD

"lvdrivers_12.10" = Logitech Webcam Software Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MIXERLITE" = Mixer

"Mozilla Firefox (3.6.19)" = Mozilla Firefox (3.6.19)

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"RealPlayer 12.0" = RealPlayer

"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SynTPDeinstKey" = Synaptics TouchPad

"ViewpointMediaPlayer" = Viewpoint Media Player

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.00 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

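A triage helper for the Extras.txt above, added here as an example; it is not part of the thread, of OTL, or of Malwarebytes' tooling. It reads OTL Extras text and flags the three things worth a second look in this log: shell-spawning commands that are missing ("Reg Error: Key error") or differ from a known-good value (the regfile and scrfile entries here), firewall port exceptions enabled with scope `*` instead of LocalSubNet (the Pando Media Booster entries), and authorized firewall applications living under a Temp directory (the Norton Removal Tool entry). The baseline values are only the ones visible in this thread: the exefile/batfile/cmdfile/comfile/piffile commands as shown in the OTL log, and the regfile/scrfile "open" values that MBAM later reports as "Good:". The sample input is a constructed excerpt of the log lines above; the HIJACK_SAMPLE is entirely constructed to show what a rewritten exefile handler looks like and does not describe this machine.

```python
"""Triage an OTL Extras.txt log for broken shell handlers and loose firewall rules.

Added example for this thread, not code from OTL or Malwarebytes. All regular
expressions target the OTL Extras line formats visible in the log above.
"""
import re
import sys

# Known-good XP shell commands. exefile..piffile are as shown in the OTL log;
# regfile/scrfile 'open' are the "Good:" values MBAM reports later in the thread.
BASELINE = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("regfile", "open"): 'regedit.exe "%1"',
    ("scrfile", "open"): '"%1" /S',
}

SECTION_RE = re.compile(r'^=+ (.+?) =+$')                      # ========== Name ==========
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                     # [HKEY_...\StandardProfile]
SHELL_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')             # exefile [open] -- "%1" %*
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)" = \d+:(?:TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$')
APP_RE = re.compile(r'^"([^"]+)" = (.+?):\*:(Enabled|Disabled):(.*)$')
TEMP_RE = re.compile(r'\\(?:Local Settings\\)?Temp\\', re.IGNORECASE)


def parse_extras(text):
    """Return shell handlers, firewall port exceptions and authorized apps."""
    shell, ports, apps = {}, [], []
    section = profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m:  # remember which firewall profile the following values belong to
            key = m.group(1)
            profile = ("Domain" if "DomainProfile" in key
                       else "Standard" if "StandardProfile" in key else None)
            continue
        if section == "Shell Spawning":
            m = SHELL_RE.match(line)
            if m:
                shell[(m.group(1), m.group(2))] = m.group(3)
        elif section == "Firewall Settings":
            m = PORT_RE.match(line)
            if m:
                ports.append({"profile": profile, "port": int(m.group(1)),
                              "proto": m.group(2), "scope": m.group(3),
                              "enabled": m.group(4) == "Enabled", "name": m.group(5)})
        elif section == "Authorized Applications List":
            m = APP_RE.match(line)
            if m:
                apps.append({"profile": profile, "path": m.group(1),
                             "enabled": m.group(3) == "Enabled", "name": m.group(4)})
    return {"shell": shell, "ports": ports, "apps": apps}


def find_issues(parsed):
    """List findings as plain strings, in baseline / ports / apps order."""
    issues = []
    for (cls, verb), good in BASELINE.items():
        actual = parsed["shell"].get((cls, verb))
        if actual is None or actual.startswith("Reg Error"):
            issues.append(f"shell {cls}[{verb}] missing (expected {good})")
        elif actual != good:
            issues.append(f"shell {cls}[{verb}] hijacked: {actual} (expected {good})")
    for p in parsed["ports"]:
        if p["enabled"] and p["scope"] == "*":
            issues.append(f"firewall {p['profile']}: {p['port']}/{p['proto']} "
                          f"open to any address ({p['name']})")
    for a in parsed["apps"]:
        if a["enabled"] and TEMP_RE.search(a["path"]):
            issues.append(f"firewall {a['profile']}: authorized app in Temp: {a['path']}")
    return issues


# Constructed excerpt of the Extras.txt posted in this thread.
SAMPLE = r"""========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [open] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"56174:TCP" = 56174:TCP:*:Enabled:Pando Media Booster
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Anastasia\Local Settings\Temp\7zS6A.tmp\SymNRT.exe" = C:\Documents and Settings\Anastasia\Local Settings\Temp\7zS6A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"""

# Entirely constructed: a rewritten exefile handler, not anything from this machine.
HIJACK_SAMPLE = r"""========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\fake-av.exe" /START "%1" %*
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
scrfile [open] -- "%1" /S
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for issue in find_issues(parse_extras(text)):
        print(issue)
```

Run it as `python otl_triage.py Extras.txt`; with no argument it triages the constructed excerpt. On the excerpt it reports the two missing handlers, the 56174/TCP exception open to any address, and the SymNRT.exe entry in Temp, and stays quiet about the LocalSubNet-scoped NetBIOS ports and the disabled WinRM rule.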

  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7373

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/4/2011 5:10:17 AM

mbam-log-2011-08-04 (05-10-17).txt

Scan type: Quick scan

Objects scanned: 214461

Time elapsed: 23 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

________________________________________________

ComboFix 11-08-03.03 - Anastasia 08/04/2011 9:08.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.224 [GMT -4:00]

Running from: c:\documents and settings\Anastasia\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{83dcf4d3-a8cc-4308-9373-ed1013d5a522}

c:\documents and settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{83dcf4d3-a8cc-4308-9373-ed1013d5a522}\chrome.manifest

c:\documents and settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{83dcf4d3-a8cc-4308-9373-ed1013d5a522}\chrome\xulcache.jar

c:\documents and settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{83dcf4d3-a8cc-4308-9373-ed1013d5a522}\defaults\preferences\xulcache.js

c:\documents and settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{83dcf4d3-a8cc-4308-9373-ed1013d5a522}\install.rdf

c:\documents and settings\Anastasia\Application Data\PriceGong

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Anastasia\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Anastasia\rahtaymfgp.tmp

c:\documents and settings\Anastasia\WINDOWS

c:\documents and settings\Anastasia\WINDOWS\inifile.upd

c:\documents and settings\Anastasia\WINDOWS\win.ini

c:\program files\Shared

c:\windows\system32\_000005_.tmp.dll

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))

.

.

2011-08-03 23:28 . 2011-08-03 23:28 -------- d-----w- c:\documents and settings\Anastasia\Application Data\GARMIN

2011-08-03 02:49 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-08-03 02:49 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-08-03 02:49 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2011-08-03 02:49 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-07-31 04:32 . 2011-07-31 04:32 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\iolo

2011-07-30 04:41 . 2011-07-19 19:42 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-30 04:40 . 2011-07-19 20:25 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-07-30 04:40 . 2011-07-19 20:25 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-07-30 04:40 . 2010-02-09 02:59 56200 ----a-w- c:\windows\system32\offreg.dll

2011-07-30 04:39 . 2011-07-30 04:39 -------- d-----w- c:\program files\iolo

2011-07-26 02:59 . 2011-07-26 02:59 -------- d-----w- c:\program files\Common Files\xing shared

2011-07-26 01:26 . 2011-07-26 01:26 -------- d-----w- c:\program files\Microsoft Silverlight

2011-07-25 22:45 . 2011-07-25 22:45 -------- d-----w- c:\program files\Microsoft.NET

2011-07-25 22:27 . 2011-07-08 05:37 552464 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe

2011-07-25 22:27 . 2011-07-08 05:37 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll

2011-07-25 22:27 . 2011-07-08 05:37 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll

2011-07-25 21:52 . 2001-08-17 17:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys

2011-07-25 21:52 . 2001-08-17 17:28 871388 ----a-w- c:\windows\system32\drivers\bcmdm.sys

2011-07-25 06:20 . 2011-07-25 06:20 -------- d-----w- c:\program files\ESET

2011-07-13 07:10 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-13 07:10 . 2011-07-16 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-13 07:10 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-04 11:43 . 2011-05-13 00:25 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:43 . 2011-05-13 00:25 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-04 11:36 . 2011-05-13 00:26 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36 . 2011-05-13 00:26 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-04 11:35 . 2011-05-13 00:26 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-04 11:35 . 2011-05-13 00:26 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-04 11:35 . 2011-05-13 00:26 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-04 11:32 . 2011-05-13 00:26 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-04 11:32 . 2011-05-13 00:26 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-04 11:32 . 2011-05-13 00:26 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-06-22 05:25 . 2011-05-19 12:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2004-08-10 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2004-07-09 09:08 . 2004-07-09 09:08 472576 -c--a-w- c:\program files\dxsetup.exe

2004-07-09 09:08 . 2004-07-09 09:08 2242560 -c--a-w- c:\program files\dsetup32.dll

2004-07-09 08:03 . 2004-07-09 08:03 62976 -c--a-w- c:\program files\DSETUP.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-08-01 126976]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-08-01 557056]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"HostManager"="c:\program files\Common Files\AOL\1283925294\ee\AOLSoftware.exe" [2010-03-08 41800]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"NAV"="c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\16.0.0.125\InstStub.exe" [2011-05-12 968312]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-26 273544]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\aol\\1283925294\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"e:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"e:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56174:TCP"= 56174:TCP:Pando Media Booster

"56174:UDP"= 56174:UDP:Pando Media Booster

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/12/2011 8:26 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2011 8:26 PM 309848]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/12/2011 8:26 PM 19544]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 5:11 AM 428640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/13/2011 3:10 AM 22712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 dmserver32;Logical Disk Manager ;c:\windows\system32\neth32.exe --> c:\windows\system32\neth32.exe [?]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/30/2011 12:41 AM 722616]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/13/2011 3:10 AM 366640]

S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [9/7/2010 6:25 PM 281600]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/13/2011 3:10 AM 41272]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 7:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-920026266-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-08-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-920026266-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-08-03 c:\windows\Tasks\User_Feed_Synchronization-{880F263E-3F32-407E-B247-19092130FEB0}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ageofintrigue.com/board/

uInternet Settings,ProxyOverride = *.local;<local>

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ageofintrigue.com/board/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {fcec01d9-8437-4e40-98b8-108d7a49de4a} - %profile%\extensions\{fcec01d9-8437-4e40-98b8-108d7a49de4a}

FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{1c9b96a0-cba2-482e-9c40-9200b547123a} - (no file)

Toolbar-{1c9b96a0-cba2-482e-9c40-9200b547123a} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-04 09:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(676)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-08-04 09:47:31

ComboFix-quarantined-files.txt 2011-08-04 13:47

.

Pre-Run: 3,210,428,416 bytes free

Post-Run: 5,210,595,328 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center" /fastdetect

.

- - End Of File - - A3FD1E7377B12694A30790A2013D523D

_________________________________________________________________________________________

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17

Run by Anastasia at 9:57:29 on 2011-08-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.83 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Common Files\AOL\1283925294\ee\AOLSoftware.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Creative\Mixer\CTSVolFE.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ageofintrigue.com/board/

uInternet Settings,ProxyOverride = *.local;<local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [HostManager] c:\program files\common files\aol\1283925294\ee\AOLSoftware.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [NAV] "c:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav\2454b0ab\16.0.0.125\inststub.exe" /relaunch /runonce /media "d:\SETUP.EXE"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283922185625

DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0DC3161D-0A47-469D-B772-26470ED7EC82} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\anastasia\application data\mozilla\firefox\profiles\8dg0nd8k.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ageofintrigue.com/board/

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\documents and settings\anastasia\application data\mozilla\firefox\profiles\8dg0nd8k.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJPI150_17.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {fcec01d9-8437-4e40-98b8-108d7a49de4a} - %profile%\extensions\{fcec01d9-8437-4e40-98b8-108d7a49de4a}

FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-12 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-12 309848]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-12 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-12 42184]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-13 22712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 dmserver32;Logical Disk Manager ;c:\windows\system32\neth32.exe --> c:\windows\system32\neth32.exe [?]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-7-30 722616]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-13 366640]

S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [2010-9-7 281600]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-13 41272]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-08-04 09:16:43 -------- d-sha-r- C:\cmdcons

2011-08-04 09:11:57 98816 ----a-w- c:\windows\sed.exe

2011-08-04 09:11:57 518144 ----a-w- c:\windows\SWREG.exe

2011-08-04 09:11:57 256000 ----a-w- c:\windows\PEV.exe

2011-08-04 09:11:57 208896 ----a-w- c:\windows\MBR.exe

2011-08-03 23:28:06 -------- d-----w- c:\documents and settings\anastasia\application data\GARMIN

2011-08-03 02:49:46 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-08-03 02:49:39 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-08-03 02:49:39 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2011-08-03 02:49:21 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-07-30 04:41:20 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-30 04:40:20 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-07-30 04:40:20 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-07-30 04:40:14 56200 ----a-w- c:\windows\system32\offreg.dll

2011-07-30 04:39:49 -------- d-----w- c:\program files\iolo

2011-07-26 02:59:53 -------- d-----w- c:\program files\common files\xing shared

2011-07-25 22:27:06 552464 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2011-07-25 22:27:00 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2011-07-25 22:27:00 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2011-07-25 21:52:36 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys

2011-07-25 21:52:36 871388 ----a-w- c:\windows\system32\drivers\bcmdm.sys

2011-07-25 06:20:42 -------- d-----w- c:\program files\ESET

2011-07-13 07:10:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-13 07:10:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-13 07:10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-06-22 05:25:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2004-07-09 09:08:36 472576 -c--a-w- c:\program files\dxsetup.exe

2004-07-09 09:08:34 2242560 -c--a-w- c:\program files\dsetup32.dll

2004-07-09 08:03:10 62976 -c--a-w- c:\program files\DSETUP.dll

.

============= FINISH: 9:58:40.62 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


C:\Qoobox\Quarantine\C\Documents and Settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{83dcf4d3-a8cc-4308-9373-ed1013d5a522}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Anastasia\Application Data\Mozilla\Firefox\Profiles\8dg0nd8k.default\extensions\{83dcf4d3-a8cc-4308-9373-ed1013d5a522}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP459\A0094895.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP459\A0094896.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP459\A0094897.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP459\A0094898.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP460\A0094973.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP463\A0095593.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP463\A0096129.exe Win32/TrojanDownloader.Tracur.D trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP463\A0096130.dll Win32/BHO.NZK trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP465\A0097539.exe a variant of Win32/Kryptik.QZM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP465\A0097540.exe a variant of Win32/Kryptik.QZM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP465\A0097583.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{3BC262E3-514A-4AAA-A714-FF3BDFA5DCD6}\RP468\A0099926.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

_________________________________________

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

ESET Online Scanner v3

iolo technologies' System Mechanic

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 21

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Mozilla Firefox (3.6.19) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

iolo Common Lib ioloServiceManager.exe

``````````End of Log````````````

___________________________________________

I've tried google searches and have not been redirected, but sometimes when I open new Facebook tabs I get a popup saying "Firefox prevented this page from automatically redirecting to another page." I don't know if that's a virus or just the site.


  • Staff

Hi,

That may be the site itself. Can you give an example?

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Java™ 6 Update 21

Restart your computer.

Get the latest version of Java.

Let me know what issues remain.

-screen317


  • Staff

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
