Most recent: Trojan.Crypt and Trojan.Agent

View previous topic View next topic Go down

Most recent: Trojan.Crypt and Trojan.Agent

Post by Vendetta on Sun 24 Jul 2011, 9:20 am

HP Tablet /windows xp professional, ver 2002, svc pack 3. Note this user, George, is listed as an administrator, yet the system does not always respond correctly, as at one time this computer was part of a network at his office. None of the server pws worked.

OTL Extras logfile created on: 7/23/2011 3:15:02 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\george\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.08% Memory free
3.84 Gb Paging File | 3.08 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.06 Gb Free Space | 69.87% Space Free | Partition Type: NTFS

Computer Name: GEORGE | User Name: george | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools 5.00 D4
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI
"{7B73C666-BEFF-4F97-997A-9F995A4C0879}" = Embedded Security for HP ProtectTools
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{97CDE011-0EE1-424F-A60F-6BBADC337C17}" = ActivClient Mini
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 D1
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C97DE62E-31E2-4146-AD23-4C6B0C028BCE}" = HP Java Card Security for ProtectTools 1.00 B4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi Software
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"ProInst" = Intel PROSet Wireless
"Smart Defrag 2_is1" = Smart Defrag 2
"WacomPenabled" = Wacom Pen Driver 2.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2011 3:06:41 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17687

Error - 7/23/2011 3:06:43 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/23/2011 3:06:43 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19734

Error - 7/23/2011 3:06:43 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19734

Error - 7/23/2011 3:06:45 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/23/2011 3:06:45 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21734

Error - 7/23/2011 3:06:45 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21734

Error - 7/23/2011 3:06:47 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/23/2011 3:06:47 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23719

Error - 7/23/2011 3:06:47 PM | Computer Name = GEORGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23719

[ Credential Manager Events ]
Error - 3/14/2010 7:37:44 PM | Computer Name = GEORGE-TABLET | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: george@GEORGE-TABLET
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/27/2010 3:21:20 PM | Computer Name = GEORGE-TABLET | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: george@GEORGE-TABLET
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/27/2010 3:22:43 PM | Computer Name = GEORGE-TABLET | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: george@GEORGE-TABLET
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ System Events ]
Error - 7/17/2011 12:40:52 AM | Computer Name = GEORGE-TABLET | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ACachSrv with
arguments "-Service" in order to run the server: {40E84C48-C62F-4D73-80C1-18C71D0842C3}

Error - 7/17/2011 1:37:45 AM | Computer Name = GEORGE-TABLET | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ACachSrv with
arguments "-Service" in order to run the server: {40E84C48-C62F-4D73-80C1-18C71D0842C3}

Error - 7/20/2011 3:30:58 AM | Computer Name = DISPAIR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ACachSrv with
arguments "-Service" in order to run the server: {40E84C48-C62F-4D73-80C1-18C71D0842C3}

Error - 7/20/2011 5:44:03 PM | Computer Name = DISPAIR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ACachSrv with
arguments "-Service" in order to run the server: {40E84C48-C62F-4D73-80C1-18C71D0842C3}

Error - 7/20/2011 5:51:10 PM | Computer Name = DISPAIR | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 7/20/2011 8:10:36 PM | Computer Name = DISPAIR | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 7/20/2011 8:17:00 PM | Computer Name = DISPAIR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ACachSrv with
arguments "-Service" in order to run the server: {40E84C48-C62F-4D73-80C1-18C71D0842C3}

Error - 7/20/2011 11:27:12 PM | Computer Name = DISPAIR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ACachSrv with
arguments "-Service" in order to run the server: {40E84C48-C62F-4D73-80C1-18C71D0842C3}

Error - 7/21/2011 8:51:12 AM | Computer Name = DISPAIR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ACachSrv with
arguments "-Service" in order to run the server: {40E84C48-C62F-4D73-80C1-18C71D0842C3}

Error - 7/23/2011 3:23:02 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Call Progress Audio service failed to start due to
the following error: %%2OTL logfile created on: 7/23/2011 3:15:02 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\george\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.08% Memory free
3.84 Gb Paging File | 3.08 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.06 Gb Free Space | 69.87% Space Free | Partition Type: NTFS

Computer Name: GEORGE | User Name: george | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/23 15:09:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george\My Documents\Downloads\OTL.com
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/06/28 18:51:57 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/22 16:43:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 14:46:56 | 003,380,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/29 01:28:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/10/19 15:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/10/19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/16 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/07/24 09:21:48 | 000,140,568 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/02/07 02:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/10 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/12/19 20:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/04/10 18:56:36 | 000,081,920 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient Mini\acevents.exe
PRC - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (SafeList) ==========

MOD - [2011/07/23 15:09:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george\My Documents\Downloads\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/02/26 04:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (UMXT)
SRV - File not found [Auto | Stopped] -- -- (AgereModemAudio)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/28 18:51:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/29 01:28:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/10/19 15:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2010/10/19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/12/16 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/07/24 09:21:48 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/06/08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/02/07 02:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/10 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 20:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\SAgent4.exe -- (StatusAgent4)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/06/22 06:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/05/02 17:28:48 | 000,135,168 | ---- | M] (ActivIdentity) [Disabled | Stopped] -- C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe -- (accoca)
SRV - [2006/04/12 17:43:38 | 000,081,920 | ---- | M] (ActivIdentity) [Disabled | Stopped] -- C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe -- (acachsrv)
SRV - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/06/28 18:51:58 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 18:51:58 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/10/07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel(R)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/19 23:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/11/17 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/28 16:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/13 04:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/12/14 10:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/08/28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/07/24 09:21:52 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/07/24 09:21:46 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/05/09 14:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007/01/22 15:09:38 | 000,034,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2006/08/28 15:40:48 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/05/12 14:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 14:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 14:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 14:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 14:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/10 02:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/01/10 02:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.thedragonempire.com/users/online"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.5.4.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/22 23:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 16:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/18 21:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/02/19 21:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Extensions
[2010/02/19 21:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/23 14:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\3v5pqqne.default\extensions
[2010/12/23 21:46:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\3v5pqqne.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/13 12:55:03 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\3v5pqqne.default\extensions\2020Player@2020Technologies.com
[2011/03/07 12:34:54 | 000,002,296 | ---- | M] () -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\3v5pqqne.default\searchplugins\dwarf-fortress-wiki-en.xml
[2011/07/23 14:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/12 03:49:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/12 03:49:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/12 14:08:51 | 000,427,930 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14760 more lines...
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\Program Files\ActivIdentity\ActivClient Mini\ackpbsc.dll - C:\Program Files\ActivIdentity\ActivClient Mini\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient Mini\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient Mini\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\george\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\george\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/19 20:29:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "accoca"
MsConfig - Services: "acachsrv"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON NX510 Series - hkey= - key= - File not found
MsConfig - StartUpReg: IntelWireless - hkey= - key= - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
MsConfig - StartUpReg: IntelZeroConfig - hkey= - key= - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
MsConfig - StartUpReg: MobiLink3 - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: IMFservice - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)



< End of report >









Vendetta

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2010-04-20
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: Most recent: Trojan.Crypt and Trojan.Agent

Post by Belahzur on Sun 24 Jul 2011, 9:24 am

Hi,


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

cont rest of post one and combo thing

Post by Vendetta on Sun 24 Jul 2011, 10:17 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/22 21:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/07/22 21:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/07/22 21:58:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/22 21:58:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/07/22 16:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/07/22 16:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Booster
[2011/07/22 16:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/07/22 16:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/07/22 16:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/07/22 16:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\IObit
[2011/07/22 16:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/07/22 11:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/22 11:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Start Menu\Programs\HiJackThis
[2011/07/20 17:44:38 | 000,000,000 | ---D | C] -- C:\0c31b97f0dc6b6f019f93b1e06
[2011/07/19 15:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/07/19 15:50:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/07/19 15:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/07/19 15:50:04 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011/07/19 13:57:45 | 000,000,000 | ---D | C] -- C:\186a7ef0acf295e5c2
[2011/07/19 13:47:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/07/19 13:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/19 13:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/07/19 11:21:35 | 000,131,072 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\SAgent4.exe
[2011/07/16 18:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/07/16 18:34:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/14 11:29:02 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2011/07/14 11:29:02 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2011/07/14 11:29:02 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2011/07/14 11:29:02 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2011/07/14 11:29:02 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2011/07/14 11:29:02 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2011/07/14 11:29:02 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2011/07/14 11:29:02 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2011/07/14 11:29:01 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2011/07/14 11:29:01 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2011/07/14 11:29:01 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2011/07/14 11:29:01 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2011/07/14 11:29:01 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2011/07/14 11:29:01 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2011/07/14 11:29:01 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2011/07/14 11:29:01 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2011/07/14 11:29:01 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2011/07/14 11:29:00 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2011/07/14 11:29:00 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2011/07/14 11:29:00 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2011/07/14 11:29:00 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2011/07/14 11:29:00 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2011/07/14 11:28:59 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2011/07/14 11:28:59 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2011/07/14 11:28:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/07/14 11:28:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2011/07/14 11:28:49 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2011/07/14 11:28:49 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/07/14 11:28:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2011/07/14 11:28:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/07/14 11:28:49 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/07/14 11:28:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2011/07/14 11:28:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/07/14 11:28:49 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2011/07/14 11:28:48 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/07/14 11:28:48 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2011/07/14 11:28:41 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/07/14 11:28:41 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2011/07/14 11:28:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011/07/14 11:28:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/07/14 11:28:41 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2011/07/14 11:28:41 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/07/14 11:28:39 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/07/14 11:28:39 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2011/07/14 11:28:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/07/14 11:28:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011/07/14 11:28:39 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/07/14 11:28:39 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2011/07/14 11:28:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/07/14 11:28:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2011/07/14 11:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
[2011/07/14 11:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2011/07/10 18:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\Unused Desktop Shortcuts
[2011/07/04 15:40:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\george\Recent
[2011/07/04 15:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/24 13:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\LazyNewbPack[0.31.25][V9.2]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/23 14:45:59 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/07/23 14:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 14:22:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/23 14:22:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 14:22:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 14:22:38 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/22 21:59:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/22 21:28:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/22 21:19:23 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/22 17:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/22 16:21:58 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/22 16:21:16 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
[2011/07/22 16:21:16 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2011/07/22 16:14:58 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/07/22 16:10:11 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/07/22 16:10:11 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/07/22 11:16:17 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\george\Desktop\HiJackThis.lnk
[2011/07/22 00:58:56 | 000,457,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/22 00:58:56 | 000,076,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/19 15:38:42 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\george\Desktop\vt laminate formica sizes etc.rtf
[2011/07/19 10:45:37 | 000,405,354 | ---- | M] () -- C:\Documents and Settings\george\My Documents\VTindustries Specs Wilsonart Formica.pdf
[2011/07/18 23:21:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/18 09:57:40 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Firefox non-responding.rtf
[2011/07/16 18:34:53 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/14 13:21:07 | 2734,144,512 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Let me choose a location not listed here Backup 7-14-11.bkf
[2011/07/14 01:08:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\george\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/13 21:56:49 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\george\My Documents\Words to live by.rtf
[2011/07/13 16:59:46 | 000,001,152 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Shortcut to wordpad.lnk
[2011/07/12 22:17:08 | 000,003,724 | ---- | M] () -- C:\Documents and Settings\george\My Documents\2011 George & Priscilla Bookkeeping.rtf
[2011/07/11 16:09:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\george\My Documents\Snozzberries coatl offer.rtf
[2011/07/11 11:39:19 | 000,005,634 | ---- | M] () -- C:\Documents and Settings\george\Application Data\Microsoft\Internet Explorer\Quick Launch\commentuser.png
[2011/07/08 11:10:50 | 041,901,351 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Sixth World Almanac.PDF
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/28 18:51:58 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/28 18:51:58 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/26 13:31:50 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\george\My Documents\Wajas - lovely dyeballs by shadow and others.rtf
[2011/06/26 13:31:00 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\george\My Documents\Wajas - junk items to stock.rtf
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/22 16:21:16 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
[2011/07/22 16:21:16 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2011/07/22 16:18:54 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/22 16:15:20 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/07/22 16:15:00 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/07/22 16:14:59 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/07/22 16:14:58 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/07/22 16:10:11 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/07/22 16:10:11 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/07/22 11:16:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\george\Desktop\HiJackThis.lnk
[2011/07/19 16:01:35 | 041,901,351 | ---- | C] () -- C:\Documents and Settings\george\Desktop\Sixth World Almanac.PDF
[2011/07/19 10:45:37 | 000,405,354 | ---- | C] () -- C:\Documents and Settings\george\My Documents\VTindustries Specs Wilsonart Formica.pdf
[2011/07/18 22:59:37 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\george\Desktop\vt laminate formica sizes etc.rtf
[2011/07/18 09:57:40 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\george\Desktop\Firefox non-responding.rtf
[2011/07/16 18:34:53 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/14 13:02:19 | 2734,144,512 | ---- | C] () -- C:\Documents and Settings\george\Desktop\Let me choose a location not listed here Backup 7-14-11.bkf
[2011/07/14 11:28:43 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/07/14 11:28:43 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/07/14 11:28:43 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/07/14 11:28:43 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/07/14 11:28:43 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/07/14 11:28:43 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/07/14 11:28:43 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/07/14 11:28:43 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/07/14 11:28:42 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/07/14 11:28:42 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/07/14 11:28:42 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/07/14 01:08:32 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\george\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/14 01:08:32 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\george\Start Menu\Programs\Internet Explorer.lnk
[2011/07/13 21:56:48 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\george\My Documents\Words to live by.rtf
[2011/07/13 16:59:46 | 000,001,152 | ---- | C] () -- C:\Documents and Settings\george\Desktop\Shortcut to wordpad.lnk
[2011/07/12 22:14:03 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 21:52:46 | 000,003,724 | ---- | C] () -- C:\Documents and Settings\george\My Documents\2011 George & Priscilla Bookkeeping.rtf
[2011/07/11 13:16:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\george\My Documents\Snozzberries coatl offer.rtf
[2011/07/11 11:39:19 | 000,005,634 | ---- | C] () -- C:\Documents and Settings\george\Application Data\Microsoft\Internet Explorer\Quick Launch\commentuser.png
[2011/06/26 13:31:28 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\george\My Documents\Wajas - lovely dyeballs by shadow and others.rtf
[2011/06/26 07:40:32 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\george\My Documents\Wajas - junk items to stock.rtf
[2011/06/20 18:55:45 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\george\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/02 03:21:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/08 02:12:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/20 23:10:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/11/19 12:58:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/19 12:58:22 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/19 12:58:22 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/11/19 12:58:22 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/11/19 12:58:22 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/11/19 12:58:22 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/11/19 12:58:22 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/11/19 12:58:22 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/19 12:58:22 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/11/19 12:58:22 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/11/19 12:58:22 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/11/19 12:58:22 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/11/19 12:58:22 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/11/19 12:58:22 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/11/19 12:58:22 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/11/19 12:58:22 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/11/19 12:51:28 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPNX510.ini
[2010/10/27 14:15:32 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/19 21:30:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll
[2010/02/19 21:24:00 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/02/19 20:52:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/19 20:42:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/02/19 20:31:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 20:27:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/19 10:23:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/19 10:22:23 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/08 10:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007/01/31 17:02:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/12 14:23:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,457,982 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,076,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/07 03:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2011/02/23 19:39:23 | 000,001,706 | -H-- | M] () -- C:\Documents and Settings\george\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/22 16:43:03 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/06/22 16:43:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/06/22 16:43:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/06/22 16:43:04 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/01/09 19:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/02/19 21:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\ActivIdentity
[2011/06/15 10:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/19 21:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/11/18 21:25:03 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/12/31 18:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/11/18 21:24:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/05/19 19:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/06/15 10:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/02/19 20:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/11/19 13:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/11/19 12:57:20 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2010/11/19 12:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\EpsonNet
[2011/01/07 20:49:16 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/03/18 22:28:51 | 000,000,000 | ---D | M] -- C:\Program Files\File Type Assistant
[2010/02/19 20:57:49 | 000,000,000 | ---D | M] -- C:\Program Files\Fingerprint Sensor
[2011/03/07 20:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/02/19 21:42:14 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/02/19 21:28:59 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2010/11/19 12:58:43 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/02/11 21:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/07/22 21:59:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/07/22 16:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/11/18 21:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/11/18 21:26:20 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/12 03:49:12 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/07/17 15:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/13 19:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/02/19 20:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/10/27 15:15:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/15 10:16:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/07/19 13:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/23 14:58:17 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/22 16:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/05/18 16:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2011/07/19 15:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/27 15:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2011/01/05 14:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/02/19 20:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/02/21 22:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/03/13 19:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/02/19 20:26:55 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 19:10:21 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/18 21:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/07/19 15:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/07/16 18:34:53 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/02/19 21:23:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2011/01/12 23:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/14 11:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\Support Tools
[2011/07/22 11:16:17 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/02/19 20:34:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/02/19 20:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\Wacom
[2011/02/11 11:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2011/03/07 20:34:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/03/07 20:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/07/14 11:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/02/19 20:28:26 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/02/19 20:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/13 19:49:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/03/13 19:49:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/13 19:49:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/03/13 19:49:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/03/13 19:49:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/03/13 19:49:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
[2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\iaStor.sys
[2005/10/12 13:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-22 05:59:23

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/22 16:43:04 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/22 16:43:04 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/22 16:43:04 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/22 16:43:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/22 16:43:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/22 16:43:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/22 16:43:04 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/22 16:43:04 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/22 16:43:04 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/22 16:43:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/22 16:43:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/22 16:43:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-23 15:35:20
-----------------------------
15:35:20.968 OS Version: Windows 5.1.2600 Service Pack 3
15:35:20.968 Number of processors: 2 586 0xF06
15:35:20.968 ComputerName: GEORGE UserName: george
15:35:22.062 Initialize success
15:36:15.343 AVAST engine defs: 11072302
16:31:15.203 The log file has been saved successfully to "C:\Documents and Settings\george\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
HP Java Card Security for ProtectTools 1.00 B4
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader X (10.1.0)
Mozilla Firefox (3.6.18) Firefox Out of Date!
Mozilla Thunderbird (3.0.1) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avguard.exe
IObit IObit Malware Fighter IMFsrv.exe
``````````End of Log````````````

RENAMED COMBO THING coming soon

Vendetta

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2010-04-20
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: Most recent: Trojan.Crypt and Trojan.Agent

Post by Vendetta on Sun 24 Jul 2011, 10:41 am

ComboFix 11-07-23.04 - george 07/23/2011 18:21:54.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1196 [GMT -5:00]
Running from: c:\documents and settings\george\My Documents\Downloads\PCHelpForum.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-23 02:58 . 2011-07-23 02:58 -------- d-----w- c:\windows\system32\winrm
2011-07-23 02:58 . 2011-07-23 02:58 -------- d-----w- c:\windows\system32\GroupPolicy
2011-07-23 02:58 . 2011-07-23 02:58 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-07-22 21:21 . 2011-07-22 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-07-22 21:15 . 2011-02-23 21:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-07-22 21:14 . 2011-02-23 22:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-07-22 21:10 . 2011-07-22 21:18 -------- d-----w- c:\documents and settings\george\Application Data\IObit
2011-07-22 21:10 . 2011-07-22 21:21 -------- d-----w- c:\program files\IObit
2011-07-22 16:16 . 2011-07-22 16:16 388096 ----a-r- c:\documents and settings\george\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-22 16:16 . 2011-07-22 16:16 -------- d-----w- c:\program files\Trend Micro
2011-07-20 22:44 . 2011-07-20 22:44 -------- d-----w- C:\0c31b97f0dc6b6f019f93b1e06
2011-07-19 20:50 . 2011-07-19 20:50 -------- d-----w- c:\program files\MSBuild
2011-07-19 20:50 . 2011-07-20 22:45 -------- d-----w- c:\windows\system32\XPSViewer
2011-07-19 20:50 . 2011-07-19 20:50 -------- d-----w- c:\program files\Reference Assemblies
2011-07-19 20:50 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-19 20:50 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-07-19 18:57 . 2011-07-19 20:39 -------- d-----w- C:\186a7ef0acf295e5c2
2011-07-19 18:46 . 2011-07-19 18:46 -------- d-----w- c:\program files\Microsoft.NET
2011-07-19 16:21 . 2006-12-20 01:14 131072 ----a-w- c:\windows\system32\SAgent4.exe
2011-07-16 23:34 . 2011-07-16 23:34 -------- d-----r- c:\program files\Skype
2011-07-14 16:28 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-07-14 16:04 . 2011-07-14 16:04 -------- d-----w- c:\program files\Support Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 04:21 . 2011-06-09 22:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 00:52 . 2011-01-07 23:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2011-01-07 23:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 23:51 . 2010-12-31 23:46 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 23:51 . 2010-12-31 23:46 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-02 14:02 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2010-02-20 01:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-02-28 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2006-04-27 21:43 98304 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2006-04-14 21:55 94208 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 15:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 07:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX510 Series]
2008-11-20 05:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2010-10-19 20:06 1206544 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2010-10-19 20:19 1400832 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"accoca"=2 (0x2)
"acachsrv"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/22/2011 4:14 PM 13496]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [7/24/2007 9:21 AM 38816]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [7/22/2011 4:10 PM 353168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/31/2010 6:46 PM 136360]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [7/22/2011 4:18 PM 820568]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 6:05 PM 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 12:19 PM 41216]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2/11/2011 9:07 PM 6609920]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [1/22/2007 3:09 PM 34736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2011 2:10 AM 136176]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2/19/2010 9:00 PM 193840]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2/19/2010 9:34 PM 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 10:06 AM 172131]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2011 2:10 AM 136176]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [7/22/2011 4:21 PM 30368]
S3 UMXT;UMXT;c:\docume~1\ADMINI~1\LOCALS~1\Temp\UMXT.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\UMXT.exe [?]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [7/22/2011 4:21 PM 16080]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2/19/2010 10:24 AM 14208]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 acachsrv;ActivClient Authentication Service;c:\program files\ActivIdentity\ActivClient Mini\acachsrv.exe [4/12/2006 5:43 PM 81920]
S4 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient Mini\accoca.exe [5/2/2006 5:28 PM 135168]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [7/22/2011 4:21 PM 239600]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 07:10]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 07:10]
.
2011-07-23 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-22 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\george\Application Data\Mozilla\Firefox\Profiles\3v5pqqne.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: 20-20 3D Viewer: [You must be registered and logged in to see this link.] - %profile%\extensions\2020Player@2020Technologies.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MobiLink3 - c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-07-23 18:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-152049171-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\APSHook.dll
c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aclog.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acauth.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\asphatrc.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\netprovcredman.dll
c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1092)
c:\windows\system32\APSHook.dll
.
Completion time: 2011-07-23 18:27:19
ComboFix-quarantined-files.txt 2011-07-23 23:27
.
Pre-Run: 55,702,016,000 bytes free
Post-Run: 56,042,811,392 bytes free
.
- - End Of File - - 195E9527493BACFD0E2438B5DEF16AFD

Vendetta

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2010-04-20
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: Most recent: Trojan.Crypt and Trojan.Agent

Post by Belahzur on Sun 24 Jul 2011, 10:54 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Most recent: Trojan.Crypt and Trojan.Agent

Post by Sponsored content Today at 2:46 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum