Slow computer and several spywares

View previous topic View next topic Go down

Slow computer and several spywares

Post by Mezmerized on Sun 04 Jul 2010, 12:28 pm

This website wouldn't let me reply for about a month, so hopefully now it's all goo. Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:50, on 4/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\PC Camera\3288.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3480 bytes

Mezmerized

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-01-30
Operating System : Windows XP

View user profile

Back to top Go down

Re: Slow computer and several spywares

Post by chiaz on Sun 04 Jul 2010, 2:15 pm

Hi Mezmerized,

Welcome! A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)


Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


=======================

Next download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

chiaz

Malware Advisor
Malware Advisor

Posts : 126
Joined : 2010-03-16
Operating System : Vista

View user profile

Back to top Go down

Re: Slow computer and several spywares

Post by Mezmerized on Mon 05 Jul 2010, 7:37 am

OTL logfile created on: 5/07/2010 6:22:12 AM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Sharon\Desktop\Virus
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 313.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 53.50 Gb Free Space | 35.89% Space Free | Partition Type: NTFS
Drive D: | 86.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-19AD2330D9
Current User Name: Sharon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 09:35:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\Desktop\Virus\OTL.exe
PRC - [2010/04/01 05:54:49 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/07 18:39:20 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/05/20 12:51:40 | 000,086,016 | R--- | M] (Microsoft) -- C:\Program Files\PC Camera\3288.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/18 08:52:27 | 000,579,584 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe
PRC - [2007/12/21 11:36:57 | 000,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
PRC - [2007/10/29 15:34:51 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
PRC - [2007/06/13 20:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/30 17:21:24 | 000,520,192 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/03/23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/01/30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
PRC - [2006/12/29 04:46:10 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
PRC - [2006/09/26 20:51:16 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006/09/26 20:51:14 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/03/14 12:06:01 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2006/03/02 10:22:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/07/09 10:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/11/03 14:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2004/03/01 13:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EP.EXE
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 09:35:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\Desktop\Virus\OTL.exe
MOD - [2006/08/26 01:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 22:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/12/21 11:36:57 | 000,406,528 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS)
SRV - [2007/10/29 15:34:51 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/12/29 04:46:10 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/07/09 10:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/07 18:39:20 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/07 18:39:20 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/03/07 18:39:18 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/25 15:45:28 | 000,031,104 | R--- | M] (usb camera) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcamcl.sys -- (usbcamcl)
DRV - [2007/12/21 11:36:58 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2007/10/29 15:34:35 | 000,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/02/24 09:22:15 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/12/29 04:46:19 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi)
DRV - [2006/12/29 04:46:13 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2006/10/23 06:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/19 17:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/12 19:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/03/21 08:45:52 | 003,960,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/03/14 12:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006/02/27 07:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/07/09 10:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/09 10:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/05/31 14:16:06 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/31 14:13:34 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/31 14:11:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/31 14:10:32 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/31 14:07:56 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/04 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 09:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:3.0.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {D0B1E48E-6202-492C-B615-E507C029D47D}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{D0B1E48E-6202-492C-B615-E507C029D47D}: C:\Documents and Settings\Sharon\Local Settings\Application Data\{D0B1E48E-6202-492C-B615-E507C029D47D} [2010/03/07 18:39:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 20:25:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 23:49:51 | 000,000,000 | ---D | M]

[2009/05/07 07:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Extensions
[2009/03/08 10:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/29 21:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions
[2007/08/09 17:57:28 | 000,000,000 | ---D | M] (INpact Dark Orange) -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions\{08749A2F-9877-4934-BB64-687558DBB8D0}
[2009/08/29 21:04:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/03/28 06:48:51 | 000,000,000 | ---D | M] (Blue Ice) -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2008/03/18 17:22:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/29 21:51:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/30 15:16:37 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy133.xml
[2010/01/08 18:25:02 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy135.xml
[2010/01/23 10:13:49 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy139.xml
[2010/01/31 11:53:49 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy141.xml

O1 HOSTS File: ([2010/05/10 20:51:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [3288] C:\Program Files\PC Camera\3288.exe (Microsoft)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe File not found
O4 - HKLM..\Run: [EPSON Stylus CX6500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Frofoyatu] C:\WINDOWS\okaxanetixivum.DLL File not found
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Cerberus] C:\WINDOWS\System32\Cerberus\server.exe File not found
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunServices: [cefpixLibrary] c:\Program Files\Canon\CanoScan Toolbox Ver4.1\cfpapiIRSDK.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()
O4 - Startup: C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Sharon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sharon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/19 16:00:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{92e2c78d-3a4a-11df-a352-0017318d60cb}\Shell - "" = AutoRun
O33 - MountPoints2\{92e2c78d-3a4a-11df-a352-0017318d60cb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92e2c78d-3a4a-11df-a352-0017318d60cb}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{fe1d1172-1cce-11df-a34e-0017318d60cb}\Shell\AutoRun\command - "" = G:\MobileLaunch.exe -- File not found
O33 - MountPoints2\{fe1d1172-1cce-11df-a34e-0017318d60cb}\Shell\mobile\command - "" = G:\MobileLaunch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/03 19:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2010/07/03 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Beatcraft
[2010/06/29 17:51:06 | 000,031,104 | R--- | C] (usb camera) -- C:\WINDOWS\System32\drivers\usbcamcl.sys
[2010/06/29 17:51:06 | 000,019,968 | R--- | C] (usb camera) -- C:\WINDOWS\System32\drivers\usbDecode.sys
[2010/06/29 17:50:59 | 008,023,552 | R--- | C] (ark) -- C:\WINDOWS\System32\drivers\PictureDll.sys
[2010/06/29 17:50:59 | 000,005,632 | R--- | C] (ark) -- C:\WINDOWS\System32\drivers\FilterDll.sys
[2010/06/29 17:50:58 | 000,496,640 | R--- | C] (ark) -- C:\WINDOWS\System32\drivers\FaceDll.sys
[2010/06/29 17:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\PC Camera
[2010/06/29 17:47:16 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/06/29 17:47:16 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/06/29 17:46:24 | 000,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2010/06/29 17:46:23 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/06/29 17:46:23 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/06/28 20:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Desktop\Phone
[2010/06/28 20:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/28 20:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/06/28 20:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/06/28 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/06/28 20:42:41 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys
[2010/06/28 20:42:41 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys
[2010/06/28 20:42:40 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys
[2010/06/28 20:42:36 | 000,137,216 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys
[2010/06/28 20:42:36 | 000,065,536 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/06/28 20:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/06/28 20:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/06/21 20:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Desktop\Parkway Drive - Deep Blue
[2010/06/21 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Desktop\The_Amity_Affliction-Youngbloods-2010-FRAY
[2010/06/21 20:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Desktop\VA-Rockin_Romance_II-2010-FANA
[2010/06/20 21:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\kbuhkqlok
[2010/06/16 11:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Desktop\Alesana - Where Myth Fades To Legend 2008 (freaktofreak.blogspot.com)
[2010/06/09 15:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Desktop\Virus
[2010/06/06 08:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft

========== Files - Modified Within 30 Days ==========

[2010/07/05 06:18:58 | 000,012,718 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 06:18:46 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/05 06:18:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 06:18:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 06:18:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 06:15:26 | 012,845,056 | -H-- | M] () -- C:\Documents and Settings\Sharon\NTUSER.DAT
[2010/07/05 06:15:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sharon\ntuser.ini
[2010/07/05 05:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/03 19:53:44 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\Beatcraft.lnk
[2010/07/03 19:52:40 | 008,724,024 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\Acoustica-Beatcraft-Installer.exe
[2010/07/02 19:04:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/29 17:59:29 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/29 17:56:45 | 000,001,188 | ---- | M] () -- C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2010/06/29 17:51:06 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\camera.ini
[2010/06/29 17:50:57 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amcap.exe.lnk
[2010/06/28 21:19:34 | 000,054,488 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\NMM-MetaData.db
[2010/06/28 20:48:35 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/06/28 20:48:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
[2010/06/28 20:43:33 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/06/21 21:26:23 | 045,236,731 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\VA - Rockin' Romance (2009).rar
[2010/06/20 22:17:09 | 080,360,892 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\A2PDB.rar
[2010/06/20 22:16:48 | 094,286,332 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\A2PRR.rar
[2010/06/20 22:12:02 | 069,547,972 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\A2PY.rar
[2010/06/20 21:30:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/16 06:52:38 | 060,961,789 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\Alesana - Where Myth Fades To Legend 2008 (freaktofreak.blogspot.com).rar
[2010/06/14 08:18:25 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\DivX Movies.lnk
[2010/06/14 08:17:14 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/14 08:15:39 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/10 12:43:12 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\LimeWire 5.5.9.lnk

========== Files Created - No Company Name ==========

[2010/07/03 19:53:44 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\Beatcraft.lnk
[2010/07/03 19:51:49 | 008,724,024 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\Acoustica-Beatcraft-Installer.exe
[2010/06/29 17:51:06 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\camera.ini
[2010/06/29 17:50:57 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\face.ax
[2010/06/29 17:50:57 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\CoUninstall.dll
[2010/06/29 17:50:57 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amcap.exe.lnk
[2010/06/28 21:19:34 | 000,054,488 | ---- | C] () -- C:\Documents and Settings\Sharon\Application Data\NMM-MetaData.db
[2010/06/28 20:43:33 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/06/21 21:18:23 | 045,236,731 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\VA - Rockin' Romance (2009).rar
[2010/06/21 20:43:29 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2010/06/20 21:51:07 | 080,360,892 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\A2PDB.rar
[2010/06/20 21:51:05 | 069,547,972 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\A2PY.rar
[2010/06/20 21:51:00 | 094,286,332 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\A2PRR.rar
[2010/06/16 06:45:53 | 060,961,789 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\Alesana - Where Myth Fades To Legend 2008 (freaktofreak.blogspot.com).rar
[2010/06/14 08:18:25 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\DivX Movies.lnk
[2010/06/14 08:17:14 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/14 08:15:39 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/10 12:43:12 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\LimeWire 5.5.9.lnk
[2010/01/24 14:27:00 | 011,481,088 | ---- | C] () -- C:\WINDOWS\System32\milkguitar.dll
[2009/12/23 01:27:20 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/23 01:27:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/15 16:03:31 | 000,000,072 | R--- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009/03/15 15:59:59 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2009/03/15 15:59:59 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2009/03/15 15:59:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2009/03/13 17:49:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/13 17:45:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6500.ini
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/01 20:13:06 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/02/01 17:52:53 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2008/02/01 17:46:51 | 000,000,593 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2008/02/01 17:46:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/02/01 17:46:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2007/04/23 10:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/21 08:03:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/13 07:49:53 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/02/01 07:28:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3y.DLL
[2007/01/30 16:27:41 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/01/30 16:27:41 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/01/30 16:27:41 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/06 22:13:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/29 04:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/29 03:05:41 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/12/29 03:05:35 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/12/29 03:03:47 | 000,014,842 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/12/29 03:03:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/12/19 07:49:17 | 000,000,554 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/23 06:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/23 06:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/23 06:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/23 06:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/23 06:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/23 06:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/23 06:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/05/31 14:19:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Mezmerized

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-01-30
Operating System : Windows XP

View user profile

Back to top Go down

Re: Slow computer and several spywares

Post by Mezmerized on Mon 05 Jul 2010, 7:39 am

No otl extras log was created?

Mezmerized

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-01-30
Operating System : Windows XP

View user profile

Back to top Go down

Re: Slow computer and several spywares

Post by chiaz on Mon 05 Jul 2010, 11:24 am

Please run OTL.exe.

  • Copy the commands in red below by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2009/12/30 15:16:37 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy133.xml
    [2010/01/08 18:25:02 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy135.xml
    [2010/01/23 10:13:49 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy139.xml
    [2010/01/31 11:53:49 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy141.xml
    O4 - HKLM..\Run: [Frofoyatu] C:\WINDOWS\okaxanetixivum.DLL File not found
    O4 - HKCU..\Run: [Cerberus] C:\WINDOWS\System32\Cerberus\server.exe File not found
    O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




chiaz

Malware Advisor
Malware Advisor

Posts : 126
Joined : 2010-03-16
Operating System : Vista

View user profile

Back to top Go down

Re: Slow computer and several spywares

Post by Mezmerized on Tue 20 Jul 2010, 1:17 am

Error: Unable to interpret <[2009/12/30 15:16:37 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy133.xml> in the current context!
Error: Unable to interpret <[2010/01/08 18:25:02 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy135.xml> in the current context!
Error: Unable to interpret <[2010/01/23 10:13:49 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy139.xml> in the current context!
Error: Unable to interpret <[2010/01/31 11:53:49 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy141.xml> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34> in the current context!

OTL by OldTimer - Version 3.2.4.1 log created on 07202010_001521

Mezmerized

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-01-30
Operating System : Windows XP

View user profile

Back to top Go down

Re: Slow computer and several spywares

Post by chiaz on Thu 22 Jul 2010, 10:28 pm

Sorry for the late reply.

Did you copy the entire red code in full?

Including the first line :OTL ?

chiaz

Malware Advisor
Malware Advisor

Posts : 126
Joined : 2010-03-16
Operating System : Vista

View user profile

Back to top Go down

Re: Slow computer and several spywares

Post by Sponsored content Today at 11:32 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum