[Inactive] Search Engine Redirect

#81, Bill C, 04-11-2009, 07:00 PM

Ran MBR tool. Log follows.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Last edited by Bill C; 04-11-2009 at 07:11 PM.
#82, broni, 04-11-2009, 07:23 PM

In IE, go Tools>Internet Options>Advanced tab, click on "Reset" button.
Restart computer.
Check for redirection.
#83, Bill C, 04-11-2009, 07:37 PM

I reset the IE Browser Internet Options settings.

Before I restart the computer and check for redirects, I want you to know that AVG started and finished its scheduled scan.

It's found 6 virus infections (Packed.Monder virus) in the Windows\Sys32 folder - smss.exe & csrss.exe, along w/ several tracking cookies.

I'm restarting the system now.
#84, Bill C, 04-11-2009, 07:49 PM

Redirects are still occurring w/ both Safari and IE.

After resetting the IE browser internet option settings, some of the defenses are down. What should I reactivate?

Last edited by Bill C; 04-11-2009 at 09:36 PM.
#85, broni, 04-11-2009, 10:31 PM

You can reactivate anything you want.

Let's re-run OTL.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\system32\eventlog.dll
%systemroot%\system32\scecli.dll
%systemroot%\netlogon.dll
%systemroot%\system32\cngaudit.dll
%systemroot%\system32\sceclt.dll
%systemroot%\ntelogon.dll
%systemroot%\system32\logevent.dll


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
* Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  Since those are pretty big files, you can attach them, if you wish.
#86, Bill C, 04-11-2009, 11:23 PM

Ran the OTL scan w/ copied script. Only the OTL.txt file was created, no Extras.txt file.
OTL.txt logfile follows.


OTL logfile created on: 11/4/2009 5:16:37 PM - Run 3
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 87.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.75 Gb Total Space | 279.86 Gb Free Space | 76.94% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 1.28 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/04 17:14:43 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2009/10/24 16:46:21 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/24 12:20:36 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/24 12:20:35 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/24 12:20:35 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/24 12:20:35 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/24 12:20:32 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/02 21:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/05 10:19:18 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/05/22 14:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 02:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 02:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 02:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 02:33:01 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/01/15 11:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/24 15:13:54 | 00,061,440 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007/05/16 1144 | 00,067,128 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2007/05/15 19:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/04/18 10:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (SafeList) ==========

MOD - [2009/11/04 17:14:43 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/24 12:20:32 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/23 21:33:54 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/05/22 14:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/12/14 13:43:49 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/05/24 15:13:54 | 00,061,440 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/05/15 19:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/05/11 13:15:20 | 00,887,544 | ---- | M] (Sonic Solutions) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/05/03 15:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:08:42 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/...fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.40 24.92.226.41
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 23:58:18 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/26 15:24:02 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/26 15:24:02 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/05/16 15:29:23 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/04 17:14:39 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2009/11/03 22:38:24 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/03 22:38:24 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2009/11/03 22:27:50 | 00,000,000 | ---D | C] -- C:\4c56rg7d86514
[2009/11/03 20:23:07 | 00,000,000 | ---D | C] -- C:\4c56rg7d49204
[2009/11/03 19:34:59 | 00,000,000 | ---D | C] -- C:\4c56rg7d
[2009/11/03 19:27:25 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/11/03 18:41:33 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/11/02 23:31:12 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2009/11/02 23:31:12 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2009/10/31 23:06:49 | 00,000,000 | ---D | C] -- C:\ProgramData\is-6JRR8
[2009/10/31 23:06:49 | 00,000,000 | ---D | C] -- C:\ProgramData\is-6JRR8
[2009/10/31 23:04:20 | 00,000,000 | ---D | C] -- C:\ProgramData\is-GMUL4
[2009/10/31 23:04:20 | 00,000,000 | ---D | C] -- C:\ProgramData\is-GMUL4
[2009/10/31 22:57:42 | 00,000,000 | ---D | C] -- C:\ProgramData\is-N6F3K
[2009/10/31 22:57:42 | 00,000,000 | ---D | C] -- C:\ProgramData\is-N6F3K
[2009/10/31 09:10:10 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/29 17:49:44 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 17:49:44 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 17:49:37 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/29 17:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/28 14:20:22 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/27 10:01:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/27 10:01:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/27 10:01:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/27 10:01:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/27 10:01:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/27 10:01:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/26 15:24:02 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/10/26 15:12:20 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/10/26 09:03:06 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2009/10/26 09:03:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/26 09:03:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/24 18:37:02 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/10/24 18:13:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/10/24 18:12:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/24 18:12:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/24 18:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/24 16:59:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/24 12:20:50 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/24 12:20:42 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/24 12:20:42 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/24 12:20:37 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/24 12:20:36 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/24 12:20:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/10/24 12:20:32 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/24 12:20:32 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/24 10:17:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/24 10:17:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/24 10:17:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/23 22:44:00 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Threat Expert
[2009/10/23 22:35:03 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/23 22:35:03 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/23 22:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2009/10/23 22:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE

========== Files - Modified Within 14 Days ==========

[2009/11/04 17:16:29 | 03,145,728 | -HS- | M] () -- C:\Users\admin\ntuser.dat
[2009/11/04 17:14:43 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2009/11/04 17:08:28 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/04 16:55:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/04 15:44:00 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/04 15:39:18 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/04 15:39:18 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/04 15:37:15 | 02,233,062 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db
[2009/11/04 13:45:12 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/04 13:45:12 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/04 13:45:12 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/04 13:39:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/04 13:37:58 | 00,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/04 13:37:58 | 00,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/04 12:57:44 | 00,077,312 | ---- | M] () -- C:\Users\admin\Desktop\mbr.exe
[2009/11/04 08:35:47 | 44,690,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/04 08:35:00 | 00,077,437 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/03 22:35:44 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/03 20:39:27 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/03 20:36:16 | 59,273,248 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/11/03 20:36:16 | 00,696,728 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/11/03 19:34:07 | 03,533,756 | R--- | M] () -- C:\Users\admin\Desktop\4c56rg7d.com
[2009/11/03 00:47:12 | 00,433,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/30 08:41:16 | 00,002,627 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Office Word 2007.lnk
[2009/10/28 12:35:31 | 00,001,876 | ---- | M] () -- C:\Users\admin\Desktop\HijackThis.lnk
[2009/10/28 11:53:48 | 00,001,987 | ---- | M] () -- C:\Users\admin\Desktop\Windows Live Messenger .lnk
[2009/10/26 21:55:28 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/10/26 21:55:28 | 00,000,172 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/10/26 10:19:13 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/10/26 10:19:13 | 00,000,172 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/24 17:19:24 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/10/24 17:19:24 | 00,000,172 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/10/24 16:46:20 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/24 12:20:42 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/24 12:20:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/24 12:20:36 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/24 12:20:36 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/24 12:20:36 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/24 12:20:36 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2009/11/04 12:57:40 | 00,077,312 | ---- | C] () -- C:\Users\admin\Desktop\mbr.exe
[2009/11/03 19:30:50 | 03,533,756 | R--- | C] () -- C:\Users\admin\Desktop\4c56rg7d.com
[2009/11/03 01:12:46 | 02,233,062 | -H-- | C] () -- C:\Users\admin\AppData\Local\IconCache.db
[2009/10/31 22:57:34 | 59,273,248 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/10/31 22:57:34 | 00,696,728 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/10/28 12:35:31 | 00,001,876 | ---- | C] () -- C:\Users\admin\Desktop\HijackThis.lnk
[2009/10/28 11:53:48 | 00,001,987 | ---- | C] () -- C:\Users\admin\Desktop\Windows Live Messenger .lnk
[2009/10/27 10:01:59 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/27 10:01:59 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/27 10:01:59 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/27 10:01:59 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/10/27 10:01:59 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/26 21:55:28 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2009/10/26 21:55:28 | 00,000,172 | -H-- | C] () -- C:\sqmdata03.sqm
[2009/10/26 10:19:13 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2009/10/26 10:19:13 | 00,000,172 | -H-- | C] () -- C:\sqmdata02.sqm
[2009/10/24 17:19:24 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2009/10/24 17:19:24 | 00,000,172 | -H-- | C] () -- C:\sqmdata01.sqm
[2009/10/24 12:20:36 | 44,690,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/24 12:20:36 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/24 12:20:36 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/24 12:20:36 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/24 12:20:36 | 00,077,437 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/23 21:34:17 | 00,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 21:34:14 | 00,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/10 13:12:25 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/06/10 13:12:25 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/06/10 13:12:25 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/05/26 13:39:35 | 00,005,041 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009/01/27 1305 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2009/01/27 1305 | 00,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Common
[2009/01/27 1305 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Dance
[2008/09/10 00:05:58 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/07/23 12:53:56 | 00,004,410 | ---- | C] () -- C:\Users\admin\AppData\Roaming\update.log
[2007/12/03 18:00:02 | 00,005,632 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/30 17:51:01 | 00,007,268 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2007/11/30 17:49:12 | 00,123,696 | ---- | C] () -- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/05 00:16:38 | 00,110,112 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/04 23:48:20 | 00,008,450 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/04 23:24:41 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/08/04 23:24:40 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/05/14 07:28:10 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/04/24 12:22:02 | 00,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006/12/14 01:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/10/30 20:54:19 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DNA
[2009/07/02 00:18:20 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ImTOO Software Studio
[2008/11/02 00:46:10 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LimeWire
[2009/05/04 21:05:54 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nikon
[2008/07/23 1240 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sellmosoft
[2007/11/30 17:48:55 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Snapfish
[2008/12/17 09:58:41 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinBatch
[2008/10/01 1942 | 00,000,254 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2009/11/04 13:39:19 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/04 13:37:44 | 00,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7838B9E0
< End of report >
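The OTL listing format in the log above (a bracketed date, size, attribute flags and a created/modified marker, then an optional company name and the path) lends itself to mechanical triage. The following is an added example in Python, not code from this thread or from OTL, that parses such lines, separates the "no company name" entries that sit under C:\Windows or C:\ProgramData from ordinary data files, and lists any reported alternate data streams so a helper can review them. The sample lines are copied from the log above; the watched directories, the data-file extension list and the "review candidate" rule are this example's own assumptions, not OTL's.

```python
"""Triage OTL-style file listing lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# One OTL entry, optionally prefixed "PRC - "/"SRV - " and suffixed "-- (service)":
#   [date time | size | attrs | C/M] (Company) -- path [-- (service)]
# Directory entries omit the "(Company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"^(?:(?P<prefix>[A-Z]{3}) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>[\d:]+) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\))?$"
)

# "@Alternate Data Stream - N bytes -> path:stream"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumption for this example: directories where a binary with no company name
# deserves a second look (case-insensitive prefixes).
WATCHED_DIRS = ("c:\\windows\\", "c:\\programdata\\")

# Assumption: plain data/config files routinely lack a company name there.
DATA_EXTENSIONS = (".ini", ".log", ".dat", ".db", ".job", ".txt", ".sqm",
                   ".avg", ".avm", ".idx", ".compositefont")


@dataclass
class Entry:
    prefix: Optional[str]   # PRC, SRV, MOD ... or None for plain file lists
    date: str
    time: str
    size: int
    attrs: str              # e.g. "-HS-" (hidden, system), "---D" (directory)
    kind: str               # C = created, M = modified
    company: str            # empty when OTL printed "()" or nothing at all
    path: str
    service: Optional[str]  # service name from a trailing "-- (name)"


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL listing line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        prefix=m.group("prefix"),
        date=m.group("date"),
        time=m.group("time"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path").strip(),
        service=m.group("service"),
    )


def parse_ads(line: str) -> Optional[Tuple[str, int]]:
    """Return (path:stream, size) for an alternate-data-stream line, else None."""
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    return m.group("path").strip(), int(m.group("size"))


def is_review_candidate(e: Entry) -> bool:
    """No company name, in a watched directory, not a data file, not a directory."""
    low = e.path.lower()
    if e.company or "D" in e.attrs:
        return False
    if not low.startswith(WATCHED_DIRS):
        return False
    return not low.endswith(DATA_EXTENSIONS)


def triage(log_text: str) -> dict:
    """Walk a log: count parsed entries, collect review candidates and ADS lines."""
    flagged, ads, parsed = [], [], 0
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None:
            parsed += 1
            if is_review_candidate(e):
                flagged.append(e.path)
            continue
        a = parse_ads(line)
        if a is not None:
            ads.append(a)
    return {"parsed": parsed, "flagged": flagged, "ads": ads}


# Constructed sample: a handful of lines copied from the OTL log above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2009/11/04 12:57:40 | 00,077,312 | ---- | C] () -- C:\Users\admin\Desktop\mbr.exe
[2009/10/27 10:01:59 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/05/26 13:39:35 | 00,005,041 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2008/09/10 00:05:58 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/10/24 12:20:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
"""
```

Calling `triage(SAMPLE_LOG)` returns two review candidates (`C:\Windows\zip.exe` and `C:\ProgramData\ypkpiykb.yyr`) and the one ADS line, while the desktop copy of mbr.exe, the INI file and the AVG driver are left alone. A flagged path is only a prompt to look at the file's origin and signature, not a verdict; in the thread above the helper chose to remove two of the three flagged items by hand.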
  #87 (permalink)  
Old 04-11-2009, 11:40 PM
Senior Member
 
Join Date: Nov 2004
Posts: 2,274
re: [Inactive] Search Engine Redirect

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    [2009/10/24 18:37:02 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2009/10/27 10:01:59 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2009/05/26 13:39:35 | 00,005,041 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
__________________
My Home Page
  #88 (permalink)  
Old 05-11-2009, 01:07 AM
Full Member
New Recruit
 
Join Date: Oct 2009
Posts: 57
Bill C Is a beginner here at D-A-L
re: [Inactive] Search Engine Redirect

Ran OTL Run Fix w/ script, and then Quick Scan. Two logfiles were created and follow.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Windows\System32\drivers\avgntflt.sys moved successfully.
C:\Windows\zip.exe moved successfully.
C:\ProgramData\ypkpiykb.yyr moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 220662 bytes
->Temporary Internet Files folder emptied: 19961369 bytes
->Java cache emptied: 155 bytes
->Apple Safari cache emptied: 127666874 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 49208 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 2300583 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 21861 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 143.29 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.3.3 log created on 11042009_185222

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 11/4/2009 6:57:45 PM - Run 4
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 94.68% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.75 Gb Total Space | 280.00 Gb Free Space | 76.98% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 1.28 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/04 17:14:43 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2009/10/24 16:46:21 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/24 12:20:36 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/24 12:20:35 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/24 12:20:35 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/24 12:20:35 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/24 12:20:32 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/02 21:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/05 10:19:18 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/05/22 14:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 02:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 02:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
PRC - [2008/01/19 02:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 02:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 02:33:01 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/01/15 11:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/15 19:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/04/18 10:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/12/08 11:16:56 | 00,065,536 | ---- | M] () -- C:\hp\KBD\KbdStub.exe


========== Modules (SafeList) ==========

MOD - [2009/11/04 17:14:43 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/24 12:20:32 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/23 21:33:54 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/05/22 14:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/12/14 13:43:49 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/05/24 15:13:54 | 00,061,440 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/05/15 19:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/05/11 13:15:20 | 00,887,544 | ---- | M] (Sonic Solutions) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/05/03 15:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:08:42 | 00,000,000 | ---D | M]


O1 HOSTS File: (56 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/...fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.40 24.92.226.41
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 23:58:18 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/26 15:24:02 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/26 15:24:02 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/04 17:14:39 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2009/11/03 22:38:24 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/03 22:38:24 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2009/11/03 22:27:50 | 00,000,000 | ---D | C] -- C:\4c56rg7d86514
[2009/11/03 20:23:07 | 00,000,000 | ---D | C] -- C:\4c56rg7d49204
[2009/11/03 19:34:59 | 00,000,000 | ---D | C] -- C:\4c56rg7d
[2009/11/03 19:27:25 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/11/03 18:41:33 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/11/02 23:31:12 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2009/11/02 23:31:12 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2009/10/31 23:06:49 | 00,000,000 | ---D | C] -- C:\ProgramData\is-6JRR8
[2009/10/31 23:06:49 | 00,000,000 | ---D | C] -- C:\ProgramData\is-6JRR8
[2009/10/31 23:04:20 | 00,000,000 | ---D | C] -- C:\ProgramData\is-GMUL4
[2009/10/31 23:04:20 | 00,000,000 | ---D | C] -- C:\ProgramData\is-GMUL4
[2009/10/31 22:57:42 | 00,000,000 | ---D | C] -- C:\ProgramData\is-N6F3K
[2009/10/31 22:57:42 | 00,000,000 | ---D | C] -- C:\ProgramData\is-N6F3K
[2009/10/31 09:10:10 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/29 17:49:44 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 17:49:44 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 17:49:37 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/29 17:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/28 14:20:22 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/27 10:01:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/27 10:01:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/27 10:01:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/27 10:01:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/27 10:01:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/27 10:01:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/26 15:24:02 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/10/26 15:12:20 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/10/26 09:03:06 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2009/10/26 09:03:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/26 09:03:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/24 18:13:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/10/24 18:12:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/24 18:12:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/24 18:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/24 16:59:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/24 12:20:50 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/24 12:20:42 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/24 12:20:42 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/24 12:20:37 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/24 12:20:36 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/24 12:20:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/10/24 12:20:32 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/24 12:20:32 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/24 10:17:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/24 10:17:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/24 10:17:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/23 22:44:00 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Threat Expert
[2009/10/23 22:35:03 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/23 22:35:03 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/23 22:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2009/10/23 22:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE

========== Files - Modified Within 14 Days ==========

[2009/11/04 18:57:50 | 03,145,728 | -HS- | M] () -- C:\Users\admin\ntuser.dat
[2009/11/04 18:54:21 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/04 18:54:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/04 18:54:14 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/04 18:54:14 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/04 18:54:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/04 18:52:47 | 00,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/04 18:52:47 | 00,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/04 18:52:34 | 00,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2009/11/04 18:44:03 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/04 17:26:26 | 02,241,431 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db
[2009/11/04 17:14:43 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2009/11/04 13:45:12 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/04 13:45:12 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/04 13:45:12 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/04 12:57:44 | 00,077,312 | ---- | M] () -- C:\Users\admin\Desktop\mbr.exe
[2009/11/04 08:35:47 | 44,690,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/04 08:35:00 | 00,077,437 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/03 22:35:44 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/03 20:36:16 | 59,273,248 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/11/03 20:36:16 | 00,696,728 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/11/03 19:34:07 | 03,533,756 | R--- | M] () -- C:\Users\admin\Desktop\4c56rg7d.com
[2009/11/03 00:47:12 | 00,433,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/30 08:41:16 | 00,002,627 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Office Word 2007.lnk
[2009/10/28 12:35:31 | 00,001,876 | ---- | M] () -- C:\Users\admin\Desktop\HijackThis.lnk
[2009/10/28 11:53:48 | 00,001,987 | ---- | M] () -- C:\Users\admin\Desktop\Windows Live Messenger .lnk
[2009/10/26 21:55:28 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/10/26 21:55:28 | 00,000,172 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/10/26 10:19:13 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/10/26 10:19:13 | 00,000,172 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/24 17:19:24 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/10/24 17:19:24 | 00,000,172 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/10/24 16:46:20 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/24 12:20:42 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/24 12:20:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/24 12:20:36 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/24 12:20:36 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/24 12:20:36 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/24 12:20:36 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2009/11/04 12:57:40 | 00,077,312 | ---- | C] () -- C:\Users\admin\Desktop\mbr.exe
[2009/11/03 19:30:50 | 03,533,756 | R--- | C] () -- C:\Users\admin\Desktop\4c56rg7d.com
[2009/11/03 01:12:46 | 02,241,431 | -H-- | C] () -- C:\Users\admin\AppData\Local\IconCache.db
[2009/10/31 22:57:34 | 59,273,248 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/10/31 22:57:34 | 00,696,728 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/10/28 12:35:31 | 00,001,876 | ---- | C] () -- C:\Users\admin\Desktop\HijackThis.lnk
[2009/10/28 11:53:48 | 00,001,987 | ---- | C] () -- C:\Users\admin\Desktop\Windows Live Messenger .lnk
[2009/10/27 10:01:59 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/27 10:01:59 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/27 10:01:59 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/27 10:01:59 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/10/26 21:55:28 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2009/10/26 21:55:28 | 00,000,172 | -H-- | C] () -- C:\sqmdata03.sqm
[2009/10/26 10:19:13 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2009/10/26 10:19:13 | 00,000,172 | -H-- | C] () -- C:\sqmdata02.sqm
[2009/10/24 17:19:24 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2009/10/24 17:19:24 | 00,000,172 | -H-- | C] () -- C:\sqmdata01.sqm
[2009/10/24 12:20:36 | 44,690,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/24 12:20:36 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/24 12:20:36 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/24 12:20:36 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/24 12:20:36 | 00,077,437 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/23 21:34:17 | 00,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 21:34:14 | 00,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/10 13:12:25 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/06/10 13:12:25 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/06/10 13:12:25 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/01/27 1305 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2009/01/27 1305 | 00,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Common
[2009/01/27 1305 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Dance
[2008/09/10 00:05:58 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/07/23 12:53:56 | 00,004,410 | ---- | C] () -- C:\Users\admin\AppData\Roaming\update.log
[2007/12/03 18:00:02 | 00,005,632 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/30 17:51:01 | 00,007,268 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2007/11/30 17:49:12 | 00,123,696 | ---- | C] () -- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/05 00:16:38 | 00,110,112 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/04 23:48:20 | 00,008,450 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/04 23:24:41 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/08/04 23:24:40 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/05/14 07:28:10 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/04/24 12:22:02 | 00,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006/12/14 01:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/10/30 20:54:19 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DNA
[2009/07/02 00:18:20 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ImTOO Software Studio
[2008/11/02 00:46:10 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LimeWire
[2009/05/04 21:05:54 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nikon
[2008/07/23 1240 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sellmosoft
[2007/11/30 17:48:55 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Snapfish
[2008/12/17 09:58:41 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinBatch
[2008/10/01 1942 | 00,000,254 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2009/11/04 18:54:15 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/04 18:52:42 | 00,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7838B9E0
< End of report >

  #89 (permalink)  
Old 05-11-2009, 02:48 AM
broni
Senior Member
 
Join Date: Nov 2004
Posts: 2,274
re: [Inactive] Search Engine Redirect

...and the redirection?
  #90 (permalink)  
Old 05-11-2009, 05:09 AM
Full Member
New Recruit
 
Join Date: Oct 2009
Posts: 57
Bill C Is a beginner here at D-A-L
re: [Inactive] Search Engine Redirect

Redirects are still occurring.

So, where are we at?

Are these scans finding anything?

Should I start thinking about reformatting my hard drive?