
#1  Logfile of Trend Micro HijackThis on Wed Apr 07, 2010 10:03 pm

linksedge (Member)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:59:28, on 08/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\AVG\AVG9\avgcfgex.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0C86E59C-C4FD-4A19-AED3-D3C1F8277D13} - C:\Windows\System32\defragproxy32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\Windows\System32\DDOIProxy32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6249 bytes
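An added example, not part of the original post and not HijackThis's or OTL's own logic: the Python script below runs a few triage heuristics over lines copied from the log above (an IE start page on a third-party host, an unnamed BHO loading from System32, an orphaned BHO registration, an autostart executing from the Windows root, and the AppInit_DLLs list), then decodes the REG_BINARY XMLHTTP_UUID_Default value that OTL prints later in this thread and cross-references it against the BHO CLSIDs in the log. The rules, severities and the go.microsoft.com allowlist are assumptions chosen for illustration.

```python
"""Triage helpers for HijackThis (HJT) log lines. The rules are this
example's own heuristics, the kind a forum helper applies by eye; they
are not HijackThis's logic, and a hit is a lead to verify, not a verdict."""
import re
import uuid
from urllib.parse import urlsplit

# Sample input: lines copied verbatim from the HijackThis log posted above.
HJT_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"O2 - BHO: (no name) - {0C86E59C-C4FD-4A19-AED3-D3C1F8277D13} - C:\Windows\System32\defragproxy32.dll",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe",
    r"O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe",
    r"O20 - AppInit_DLLs: avgrsstx.dll,C:\Windows\System32\DDOIProxy32.dll",
]
# REG_BINARY value of HKCU\...\Internet Explorer\Main,XMLHTTP_UUID_Default,
# copied from the OTL log posted later in this thread.
XMLHTTP_UUID_DEFAULT = "9C E5 86 0C FD C4 19 4A AE D3 D3 C1 F8 27 7D 13"
# Assumption: the factory IE start/search pages on this Windows 7 build all
# point at go.microsoft.com; any other host is worth a look.
DEFAULT_IE_HOSTS = {"go.microsoft.com"}

PAGE_RE = re.compile(r"^R[01] - .*?,(Start Page|Search Page|Default_Search_URL) = (\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SYSTEM32_RE = re.compile(r"\\Windows\\System32\\", re.I)
WINROOT_EXE_RE = re.compile(r"[A-Za-z]:\\Windows\\[^\\]+\.exe", re.I)


def flag_start_page(line):
    """R0/R1: IE start or search page redirected to a third-party host."""
    m = PAGE_RE.match(line)
    host = urlsplit(m.group(2)).hostname if m else None
    if host and host not in DEFAULT_IE_HOSTS:
        return "medium", f"IE {m.group(1)} points at {host}"
    return None


def flag_bho(line):
    """O2: unnamed BHO loading from System32 (third-party BHOs normally live
    under Program Files), or an orphaned registration with no DLL on disk."""
    m = BHO_RE.match(line)
    if not m:
        return None
    if m.group("path") == "(no file)":
        return "low", f"orphaned BHO {m.group('clsid')} (no DLL on disk)"
    if m.group("name") == "(no name)" and SYSTEM32_RE.search(m.group("path")):
        return "high", f"unnamed BHO loading from System32: {m.group('path')}"
    return None


def flag_run(line):
    """O4: autostart whose executable sits directly in %SystemRoot%."""
    m = RUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")  # strip a quoted path, else take the first token
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    if WINROOT_EXE_RE.fullmatch(exe):
        return "medium", f"Run entry [{m.group('name')}] executes from the Windows root: {exe}"
    return None


def flag_appinit(line):
    """O20: each AppInit DLL is mapped into every process that loads user32,
    so every entry must be accounted for by name and vendor."""
    if not line.startswith("O20 - AppInit_DLLs: "):
        return None
    dlls = [d.strip() for d in line.split(": ", 1)[1].split(",") if d.strip()]
    return "high", "AppInit_DLLs loads into every user32 process: " + ", ".join(dlls)


def triage(lines):
    """Run every rule over every line; returns (severity, section, note),
    highest severity first, original log order within a severity."""
    rank = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for line in lines:
        for rule in (flag_start_page, flag_bho, flag_run, flag_appinit):
            hit = rule(line)
            if hit:
                findings.append((hit[0], line.split(" - ", 1)[0], hit[1]))
    return sorted(findings, key=lambda f: rank[f[0]])


def reg_binary_to_guid(hex_dump):
    """Decode a 16-byte REG_BINARY dump into the GUID it stores; Windows
    writes Data1..Data3 little-endian, which uuid's bytes_le handles."""
    return uuid.UUID(bytes_le=bytes.fromhex(hex_dump.replace(" ", "")))


def bho_clsids(lines):
    """Map each O2 BHO CLSID in the log to the DLL it loads."""
    return {uuid.UUID(m.group("clsid")): m.group("path")
            for m in map(BHO_RE.match, lines) if m}


def xmlhttp_uuid_matches_bho(hex_dump, lines):
    """Which BHO DLL (if any) shares the CLSID encoded in the binary value?"""
    return bho_clsids(lines).get(reg_binary_to_guid(hex_dump))


if __name__ == "__main__":
    for severity, section, note in triage(HJT_LINES):
        print(f"[{severity:6}] {section:4} {note}")
    print("XMLHTTP_UUID_Default decodes to", reg_binary_to_guid(XMLHTTP_UUID_DEFAULT),
          "->", xmlhttp_uuid_matches_bho(XMLHTTP_UUID_DEFAULT, HJT_LINES))
```

Hits are leads, not verdicts: vVX3000.exe trips the location rule, yet the OTL process list later in the thread attributes it to Microsoft Corporation, and that kind of cross-check against a second log is what decides whether a flagged item is pursued. The GUID decode is the more useful trick: the bytes OTL prints for XMLHTTP_UUID_Default are exactly the CLSID of the unnamed BHO, so the two registry entries belong together and should be examined as one item.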

#2  Re: Logfile of Trend Micro HijackThis on Wed Apr 07, 2010 11:46 pm

DragonMaster Jay (Site Owner)
Hi

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



#3  Re: Logfile of Trend Micro HijackThis on Thu Apr 08, 2010 8:28 am

linksedge (Member)
Ok, I have run the scan as requested. I have the OTL.txt and the Extras.Txt

Where do you want me to paste them?

#4  Re: Logfile of Trend Micro HijackThis on Thu Apr 08, 2010 11:12 am

DragonMaster Jay (Site Owner)
Into your replies. You will probably have to split the information in half, and post it in about two or three replies.



#5  Re: Logfile of Trend Micro HijackThis on Thu Apr 08, 2010 11:40 am

linksedge (Member)
OTL logfile created on: 08/04/2010 16:23:14 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Nick\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 289.98 Gb Free Space | 62.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 333.79 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK-PC
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 12:44:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2010/04/02 13:41:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 16:57:20 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/01 16:57:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/17 10:54:07 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/17 10:54:07 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 10:54:06 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 10:53:51 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 10:53:51 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/10 22:49:58 | 000,332,720 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2010/03/07 09:59:47 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/30 22:24:14 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009/01/08 10:42:54 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 12:44:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
MOD - [2010/03/17 10:54:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 10:54:06 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 10:53:51 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/10 22:49:58 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/11/11 18:50:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/11/11 18:14:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/08 10:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/17 10:54:08 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 10:54:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 10:53:51 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/11 00:46:34 | 000,223,432 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/11/11 00:27:26 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/10/16 03:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/30 22:24:14 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/06/10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/01/08 10:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/02/22 16:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 16:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 16:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C E5 86 0C FD C4 19 4A AE D3 D3 C1 F8 27 7D 13 [binary data]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: {b6c93c23-5942-481c-be3a-8491107be585}:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 13:41:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 13:41:21 | 000,000,000 | ---D | M]

[2010/04/05 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2010/04/05 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/07 18:16:13 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions
[2009/11/10 23:13:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/06 16:42:43 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{b6c93c23-5942-481c-be3a-8491107be585}
[2010/04/06 16:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/06 16:42:43 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2010/03/17 18:52:28 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/17 18:52:28 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/17 18:52:28 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/17 18:52:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {0C86E59C-C4FD-4A19-AED3-D3C1F8277D13} - C:\Windows\System32\defragproxy32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\DDOIProxy32.dll) - C:\Windows\System32\DDOIProxy32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 10:52:18 | 000,000,080 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 02:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/06 16:43:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/04/06 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\707163174
[2010/04/06 16:42:45 | 000,000,000 | -HSD | C] -- C:\Users\Nick\AppData\Roaming\SystemProc
[2010/04/05 15:38:09 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\LimeWire
[2010/04/05 15:37:44 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\LimeWire
[2010/04/05 15:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/03/31 18:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/31 18:08:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/30 22:34:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/30 22:34:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/30 22:34:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/30 22:34:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/30 22:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/30 22:05:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 22:05:19 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 22:05:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/24 20:47:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\jZip
[2010/03/24 20:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/03/17 10:54:07 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2 C:\Users\Nick\AppData\Roaming\*.tmp files -> C:\Users\Nick\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/08 16:23:55 | 000,000,168 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\23a3c0d8
[2010/04/08 16:23:53 | 000,003,859 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869P.manifest
[2010/04/08 16:23:52 | 002,359,296 | -HS- | M] () -- C:\Users\Nick\ntuser.dat
[2010/04/08 16:09:04 | 000,000,817 | ---- | M] () -- C:\ProgramData\403968833
[2010/04/08 15:51:43 | 000,000,632 | -HS- | M] () -- C:\ProgramData\1212433169
[2010/04/08 15:51:42 | 000,000,011 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869S.manifest
[2010/04/08 15:51:32 | 000,000,051 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869C.manifest
[2010/04/08 15:51:32 | 000,000,011 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869O.manifest
[2010/04/08 12:41:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/08 11:49:29 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/08 11:49:29 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/08 11:46:43 | 058,646,228 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/08 11:45:25 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/08 11:45:25 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/08 11:45:25 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/08 11:41:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/08 11:41:01 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/08 03:13:15 | 005,815,879 | -H-- | M] () -- C:\Users\Nick\AppData\Local\IconCache.db
[2010/04/08 02:59:02 | 000,002,039 | ---- | M] () -- C:\Users\Nick\Desktop\HijackThis.lnk
[2010/04/06 17:13:35 | 000,001,594 | ---- | M] () -- C:\Users\Nick\Desktop\ECV_00006_WMV_V9 - Shortcut.lnk
[2010/04/06 16:43:28 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl698732931
[2010/04/06 16:42:55 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/04/06 16:42:42 | 000,208,384 | ---- | M] () -- C:\Windows\System32\defragproxy32.dll
[2010/04/06 16:42:40 | 000,134,144 | ---- | M] () -- C:\Windows\System32\DDOIProxy32.dll
[2010/04/06 03:13:20 | 000,230,424 | ---- | M] () -- C:\img2-002.raw
[2010/04/05 15:47:27 | 000,001,819 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/04/05 15:46:58 | 000,001,861 | ---- | M] () -- C:\Users\Nick\Desktop\LimeWire 5.5.8.lnk
[2010/04/04 11:52:27 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/03/30 22:34:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/30 22:34:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/30 22:34:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/30 22:34:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/03/17 10:54:08 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/17 10:54:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/17 10:54:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/17 10:53:51 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2 C:\Users\Nick\AppData\Roaming\*.tmp files -> C:\Users\Nick\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/08 02:59:02 | 000,002,039 | ---- | C] () -- C:\Users\Nick\Desktop\HijackThis.lnk
[2010/04/06 17:13:35 | 000,001,594 | ---- | C] () -- C:\Users\Nick\Desktop\ECV_00006_WMV_V9 - Shortcut.lnk
[2010/04/06 16:43:44 | 000,000,632 | -HS- | C] () -- C:\ProgramData\1212433169
[2010/04/06 16:43:42 | 000,000,817 | ---- | C] () -- C:\ProgramData\403968833
[2010/04/06 16:43:28 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl698732931
[2010/04/06 16:42:55 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/04/06 16:42:50 | 000,000,168 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\23a3c0d8
[2010/04/06 16:42:42 | 000,208,384 | ---- | C] () -- C:\Windows\System32\defragproxy32.dll
[2010/04/06 16:42:41 | 000,003,859 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869P.manifest
[2010/04/06 16:42:41 | 000,000,051 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869C.manifest
[2010/04/06 16:42:41 | 000,000,011 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869S.manifest
[2010/04/06 16:42:41 | 000,000,011 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869O.manifest
[2010/04/06 16:42:40 | 000,134,144 | ---- | C] () -- C:\Windows\System32\DDOIProxy32.dll
[2010/04/06 03:13:20 | 000,230,424 | ---- | C] () -- C:\img2-002.raw
[2010/04/05 15:47:27 | 000,001,819 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/04/05 15:46:58 | 000,001,861 | ---- | C] () -- C:\Users\Nick\Desktop\LimeWire 5.5.8.lnk
[2010/02/20 20:56:36 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{f9b3d8cd-1e59-11df-9402-0021855dd292}.TMContainer00000000000000000002.regtrans-ms
[2010/02/20 20:56:36 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{f9b3d8cd-1e59-11df-9402-0021855dd292}.TMContainer00000000000000000001.regtrans-ms
[2010/02/20 20:56:36 | 000,065,536 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{f9b3d8cd-1e59-11df-9402-0021855dd292}.TM.blf
[2009/12/28 22:08:14 | 000,006,144 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/05 13:28:16 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/12/05 13:28:16 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/11/11 18:34:06 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{4ba441ed-cee8-11de-9230-0021855dd292}.TMContainer00000000000000000002.regtrans-ms
[2009/11/11 18:34:05 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{4ba441ed-cee8-11de-9230-0021855dd292}.TMContainer00000000000000000001.regtrans-ms
[2009/11/11 18:34:05 | 000,065,536 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{4ba441ed-cee8-11de-9230-0021855dd292}.TM.blf
[2009/11/11 00:35:02 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/11/11 00:35:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/11/11 00:27:43 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2009/11/10 23:10:40 | 002,359,296 | -HS- | C] () -- C:\Users\Nick\ntuser.dat
[2009/11/10 23:10:40 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/10 23:10:40 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/10 23:10:40 | 000,262,144 | -HS- | C] () -- C:\Users\Nick\ntuser.dat.LOG1
[2009/11/10 23:10:40 | 000,065,536 | -HS- | C] () -- C:\Users\Nick\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/10 23:10:40 | 000,000,020 | -HS- | C] () -- C:\Users\Nick\ntuser.ini
[2009/11/10 23:10:40 | 000,000,000 | -HS- | C] () -- C:\Users\Nick\ntuser.dat.LOG2
[2009/10/16 07:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/26 18:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/11/13 07:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/12/04 06:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/06/07 06:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005/03/08 07:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/13 22:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 02:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/13 22:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/01/08 10:42:54 | 000,036,608 | ---- | M] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/07/13 22:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 22:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 22:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 22:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 22:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 22:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 22:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 22:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 22:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 22:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 22:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 22:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 22:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/07/14 00:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/11/11 06:40:36 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/05/08 19:51:26 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/08 11:41:01 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/04 11:52:27 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/04/06 03:13:20 | 000,230,424 | ---- | M] () -- C:\img2-002.raw
[2009/07/09 22:48:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/09 22:48:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/08 11:41:03 | 3220,344,832 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/11/21 14:50:08 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/12 20:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/11/12 02:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/11/12 02:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/11/12 02:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2009/11/11 00:56:42 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/14 17:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/11 18:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/11/12 02:31:44 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2009/11/15 11:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/01/16 19:59:17 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/01/03 14:31:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/03/31 17:30:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/02/18 18:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/02/18 18:11:39 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/30 22:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/24 20:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\jZip
[2010/04/05 15:46:58 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2009/12/05 13:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
[2009/11/12 02:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/11/12 02:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/12/28 21:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2009/11/12 02:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/12/26 11:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/04/02 13:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/12 02:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/05 20:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/11/11 18:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/03/31 18:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/11/12 02:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/12/05 13:26:58 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2009/12/02 19:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\Sports Interactive
[2010/04/08 15:24:39 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/04/08 02:59:01 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/11/11 00:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\TrueCrypt
[2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/11/12 02:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/11/12 02:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/11/12 02:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/11/11 01:35:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/11/12 02:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/11/12 20:37:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/11/12 02:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/11/12 02:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/11/12 02:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/12/02 19:13:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2010/04/08 15:51:32 | 000,000,051 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869C.manifest
[2010/04/08 15:51:32 | 000,000,011 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869O.manifest
[2010/04/08 16:25:03 | 000,003,859 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869P.manifest
[2010/04/08 15:51:42 | 000,000,011 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\020000008480072f869S.manifest
[2010/04/08 16:25:07 | 000,000,168 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\23a3c0d8
[2 C:\Users\Nick\AppData\Roaming\*.tmp files -> C:\Users\Nick\AppData\Roaming\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows.old\Windows\System32\drivers\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows.old\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows.old\Windows\System32\drivers\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows.old\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS
[2006/11/02 09:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-30 22:39:53
< End of report >
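
The MD5 listing in the OTL log above lines up several copies of each driver: the copy that actually loads under System32\drivers, and the package-store copies under DriverStore\FileRepository and winsxs. The check a malware analyst wants from that listing is whether the loaded copy still matches its same-size package-store siblings in the same Windows tree, because a copy of identical size and date with a different hash is what an in-place patch of a boot driver looks like. The parser and check below are an added example for this thread, not part of the original post or of OTL. The IASTORV.SYS lines are copied from the log above; the EXAMPLE.SYS section, its hashes, company name and paths are constructed so that the check has something to flag.

```python
import re
from collections import defaultdict

# One OTL "< MD5 for: NAME >" record, e.g.
# [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7... -- C:\Windows\System32\drivers\iaStorV.sys
RECORD = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| [MC]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION = re.compile(r"^< MD5 for: (?P<name>.+?) >$")


def parse_md5_sections(text):
    """Group OTL MD5 records under the file name of the section they appear in."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = RECORD.match(line)
        if m and current is not None:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return dict(sections)


def _tree(path):
    # Windows.old is a previous install; only compare copies from the same tree.
    return "windows.old" if "\\windows.old\\" in path.lower() else "windows"


def _is_store_copy(path):
    p = path.lower()
    return "\\driverstore\\filerepository\\" in p or "\\winsxs\\" in p


def find_mismatched_copies(sections):
    """Flag installed copies whose MD5 matches none of the same-size package-store copies."""
    findings = []
    for name, records in sections.items():
        for rec in records:
            if _is_store_copy(rec["path"]):
                continue  # the store copies are the reference; judge the installed copy
            refs = [r for r in records
                    if _is_store_copy(r["path"])
                    and _tree(r["path"]) == _tree(rec["path"])
                    and r["size"] == rec["size"]]
            if refs and all(r["md5"] != rec["md5"] for r in refs):
                findings.append({"name": name, "path": rec["path"], "md5": rec["md5"],
                                 "store_md5s": sorted({r["md5"] for r in refs})})
    return findings


def analyse(text):
    return find_mismatched_copies(parse_md5_sections(text))


# IASTORV.SYS lines copied from the log above; the EXAMPLE.SYS section is constructed.
SAMPLE_LOG = r"""
< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: EXAMPLE.SYS >
[2009/07/14 02:20:36 | 000,100,000 | ---- | M] (Example Corp) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\drivers\example.sys
[2009/07/14 02:20:36 | 000,100,000 | ---- | M] (Example Corp) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\System32\DriverStore\FileRepository\example.inf_x86_neutral_0000000000000000\example.sys
[2009/07/14 02:20:36 | 000,100,000 | ---- | M] (Example Corp) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\x86_example.inf_0000000000000000_6.1.7600.16385_none_0000000000000000\example.sys
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f['name']}: {f['path']} MD5={f['md5']} store copies={f['store_md5s']}")
```

Run against a full OTL log, the script stays quiet for IASTORV.SYS (loaded copy and store copies agree) and reports only example.sys, whose loaded copy hashes differently from two same-size store copies. A mismatch is a lead, not a verdict: confirm by checking the file's Authenticode signature and comparing against a copy from install media before treating the driver as patched.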

#6 Re: Logfile of Trend Micro HijackThis on Thu Apr 08, 2010 11:41 am

linksedge


Member
OTL Extras logfile created on: 08/04/2010 16:23:14 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Nick\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 289.98 Gb Free Space | 62.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 333.79 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK-PC
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"AVG9Uninstall" = AVG Free 9.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"HijackThis" = HijackThis 2.0.2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"jZip" = jZip
"LimeWire" = LimeWire 5.5.8
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Steam App 10540" = Football Manager 2009
"TrueCrypt" = TrueCrypt
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/04/2010 21:53:07 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0x1598 Faulting application start time: 0x01cad6be285b834a Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 79f4cfa2-42b1-11df-9746-0021855dd292

Error - 07/04/2010 21:55:21 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0x120 Faulting application start time: 0x01cad6be3edc0903 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: c9c59125-42b1-11df-9746-0021855dd292

Error - 07/04/2010 21:56:08 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0x10f0 Faulting application start time: 0x01cad6be8fdab234 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e57b15d6-42b1-11df-9746-0021855dd292

Error - 07/04/2010 21:56:59 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0xbd4 Faulting application start time: 0x01cad6beab8b7424 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 03d23ff4-42b2-11df-9746-0021855dd292

Error - 07/04/2010 21:57:55 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0xcac Faulting application start time: 0x01cad6bec9e76102 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 25638ea2-42b2-11df-9746-0021855dd292

Error - 08/04/2010 06:47:07 | Computer Name = Nick-PC | Source = VSS | ID = 8194
Description =

Error - 08/04/2010 08:09:25 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0xdac Faulting application start time: 0x01cad7109a52f5d4 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 928f9422-4307-11df-b1ab-0021855dd292

Error - 08/04/2010 09:02:49 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0x14a8 Faulting application start time: 0x01cad7145886e1be Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 083b45cc-430f-11df-b1ab-0021855dd292

Error - 08/04/2010 10:32:45 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0x11cc Faulting application start time: 0x01cad71bce4e057a Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 989036cc-431b-11df-b1ab-0021855dd292

Error - 08/04/2010 10:51:25 | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0x15a0 Faulting application start time: 0x01cad7285ed72c63 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 3413dbe0-431e-11df-b1ab-0021855dd292

[ Media Center Events ]
Error - 14/11/2009 13:53:08 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 17:53:07 - Error connecting to the internet. 17:53:07 - Unable
to contact server..

Error - 14/11/2009 13:53:46 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 17:53:16 - Error connecting to the internet. 17:53:16 - Unable
to contact server..

Error - 13/12/2009 13:25:07 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 17:25:01 - Error connecting to the internet. 17:25:01 - Unable
to contact server..

Error - 13/12/2009 14:25:17 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 18:25:13 - Error connecting to the internet. 18:25:13 - Unable
to contact server..

Error - 20/12/2009 14:01:57 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 18:01:57 - Error connecting to the internet. 18:01:57 - Unable
to contact server..

Error - 20/12/2009 14:02:06 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 18:02:02 - Error connecting to the internet. 18:02:02 - Unable
to contact server..

Error - 30/12/2009 07:12:57 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 11:12:57 - Error connecting to the internet. 11:12:57 - Unable
to contact server..

Error - 30/12/2009 07:13:16 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 11:13:04 - Error connecting to the internet. 11:13:04 - Unable
to contact server..

Error - 30/12/2009 08:13:23 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 12:13:23 - Error connecting to the internet. 12:13:23 - Unable
to contact server..

Error - 30/12/2009 08:13:33 | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = 12:13:28 - Error connecting to the internet. 12:13:28 - Unable
to contact server..

[ System Events ]
Error - 03/04/2010 09:42:14 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 03/04/2010 19:00:05 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 04/04/2010 08:18:53 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 05/04/2010 09:22:16 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 05/04/2010 15:28:14 | Computer Name = Nick-PC | Source = DCOM | ID = 10010
Description =

Error - 05/04/2010 18:07:18 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 06/04/2010 10:19:12 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 07/04/2010 09:29:05 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 07/04/2010 17:27:23 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 08/04/2010 10:26:45 | Computer Name = Nick-PC | Source = nvlddmkm | ID = 11141134
Description =


< End of report >
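
The Shell Spawning section of the Extras log is where a hijack of the executable file associations would show up. On this machine the open command for batfile, cmdfile, comfile, exefile and piffile is "%1" %* and for scrfile it is "%1" /S, and malware that wants to run ahead of every program the user launches rewrites those commands to point at itself. The check below is an added example for this thread, not part of the post or of OTL: it parses the section and reports any of those handlers whose command differs from the clean values in the log above. The clean sample is copied from that log; the hijacked sample, and the path C:\ProgramData\example_hijack.exe in it, are constructed.

```python
import re

# One OTL Shell Spawning line, e.g.
#   exefile [open] -- "%1" %*
#   cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
HANDLER = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")
SIGNER = re.compile(r"\s+\([^()]*\)$")   # OTL appends the signer in parentheses

# Clean values, taken from the Windows 7 log above.
EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}


def parse_shell_spawning(text):
    """Return {(class, verb): command} for the Shell Spawning section of an OTL Extras log."""
    handlers = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = line == "========== Shell Spawning =========="
            continue
        if not in_section or not line or line.startswith("["):
            continue   # outside the section, blank, or the registry key header
        m = HANDLER.match(line)
        if m:
            handlers[(m.group("cls"), m.group("verb"))] = SIGNER.sub("", m.group("cmd"))
    return handlers


def find_hijacked_handlers(handlers):
    """List executable-class handlers whose command is not the known-clean value."""
    findings = []
    for key, expected in EXPECTED.items():
        actual = handlers.get(key)
        if actual is None or actual.startswith("Reg Error:"):
            continue   # missing or unreadable key: not a hijack by itself
        if actual != expected:
            findings.append({"class": key[0], "verb": key[1],
                             "expected": expected, "actual": actual})
    return findings


# Copied from the Extras log above (subset).
CLEAN_SAMPLE = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========
"""

# Constructed: the same log with exefile\shell\open\command pointing at a loader.
HIJACKED_SAMPLE = CLEAN_SAMPLE.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\ProgramData\example_hijack.exe" "%1" %*')

if __name__ == "__main__":
    for f in find_hijacked_handlers(parse_shell_spawning(HIJACKED_SAMPLE)):
        print(f"{f['class']} [{f['verb']}] is {f['actual']!r}, expected {f['expected']!r}")
```

The clean log produces no findings; the constructed one reports exefile. Keys reported as "Reg Error: Key error." are skipped on purpose, since an absent verb (helpfile, regfile and txtfile here) is not the same thing as a redirected one.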

#7 Re: Logfile of Trend Micro HijackThis on Thu Apr 08, 2010 2:19 pm

DragonMaster Jay


Site Owner
I see you are running LimeWire, a P2P application. I suggest you read the following and then decide whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

====================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

========================

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    FF - prefs.js..extensions.enabledItems: {b6c93c23-5942-481c-be3a-8491107be585}:1.0
    [2010/04/06 16:42:43 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{b6c93c23-5942-481c-be3a-8491107be585}
    O2 - BHO: (no name) - {0C86E59C-C4FD-4A19-AED3-D3C1F8277D13} - C:\Windows\System32\defragproxy32.dll ()
    [2010/04/06 16:43:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
    [2010/04/06 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\707163174
    [2010/04/06 16:42:45 | 000,000,000 | -HSD | C] -- C:\Users\Nick\AppData\Roaming\SystemProc
    [2010/04/08 16:09:04 | 000,000,817 | ---- | M] () -- C:\ProgramData\403968833
    [2010/04/08 15:51:43 | 000,000,632 | -HS- | M] () -- C:\ProgramData\1212433169
    [2010/04/08 16:23:55 | 000,000,168 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\23a3c0d8
    [2010/04/06 16:43:28 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl698732931
    [2010/04/06 16:42:55 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
    [2010/04/06 16:42:42 | 000,208,384 | ---- | M] () -- C:\Windows\System32\defragproxy32.dll
    [2010/04/06 16:42:40 | 000,134,144 | ---- | M] () -- C:\Windows\System32\DDOIProxy32.dll

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


=========================

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here along with the OTL fix log.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


#8 Re: Logfile of Trend Micro HijackThis on Thu Apr 08, 2010 3:29 pm

linksedge


Member
Ok, I did as you asked, the computer restarted and the log is below. However, since the restart the resident shield is picking up a threat every 20 or 30 seconds, as opposed to every 5 or 10 minutes previously. Do I carry on and run Combofix, or does this suggest that the problem has not been solved?


All processes killed
========== OTL ==========
Prefs.js: {b6c93c23-5942-481c-be3a-8491107be585}:1.0 removed from extensions.enabledItems
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{b6c93c23-5942-481c-be3a-8491107be585}\defaults\preferences folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{b6c93c23-5942-481c-be3a-8491107be585}\defaults folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{b6c93c23-5942-481c-be3a-8491107be585}\chrome folder moved successfully.
Folder move failed. C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{b6c93c23-5942-481c-be3a-8491107be585} scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C86E59C-C4FD-4A19-AED3-D3C1F8277D13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C86E59C-C4FD-4A19-AED3-D3C1F8277D13}\ deleted successfully.
C:\Windows\System32\defragproxy32.dll moved successfully.
C:\ProgramData\SysWoW32 folder moved successfully.
C:\ProgramData\707163174 folder moved successfully.
C:\Users\Nick\AppData\Roaming\SystemProc folder moved successfully.
C:\ProgramData\403968833 moved successfully.
C:\ProgramData\1212433169 moved successfully.
C:\Users\Nick\AppData\Roaming\23a3c0d8 moved successfully.
C:\ProgramData\sl698732931 moved successfully.
C:\ProgramData\unrar.exe moved successfully.
File C:\Windows\System32\defragproxy32.dll not found.
C:\Windows\System32\DDOIProxy32.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nick
->Temp folder emptied: 116961379 bytes
->Temporary Internet Files folder emptied: 178075403 bytes
->Java cache emptied: 13048834 bytes
->FireFox cache emptied: 39546781 bytes
->Flash cache emptied: 38978 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2903800 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 334.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04082010_201402

Files\Folders moved on Reboot...
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{b6c93c23-5942-481c-be3a-8491107be585} folder moved successfully.
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
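
An OTL fix log records three different outcomes per item: moved now, scheduled for reboot because the folder was in use, and not found (here defragproxy32.dll, which OTL had already moved one line earlier when it processed the BHO entry). Given the poster's report that the resident shield is firing more often after the reboot, the practical follow-up is to check whether anything that was moved has come back, which is what the ComboFix output later in this thread does show for c:\programdata\SysWoW32 and unrar.exe (created again at 19:19, after the 19:14 OTL run). The parser and re-check below are an added example, not part of the post or of OTL. The fix-log lines are copied from the post above; the after-reboot directory snapshot is constructed, and the live variant simply asks the file system on the cleaned machine.

```python
import os
import re

# Line shapes found in an OTL fix log (copied from the post above).
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?P<folder> folder)? moved successfully\.$")
DEFERRED = re.compile(r"^Folder move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")
NOT_FOUND = re.compile(r"^File (?P<path>[A-Za-z]:\\.+?) not found\.$")
REG_DELETED = re.compile(r"^Registry key (?P<key>.+?)\\? deleted successfully\.$")
PREF_REMOVED = re.compile(r"^Prefs\.js: (?P<item>.+) removed from (?P<pref>.+)$")


def parse_otl_fix_log(text):
    """Sort an OTL fix log into what was moved, deferred to reboot, missing or deleted."""
    out = {"files": set(), "folders": set(), "deferred": set(),
           "not_found": set(), "registry": set(), "prefs": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := MOVED.match(line)):
            out["folders" if m.group("folder") else "files"].add(m.group("path"))
        elif (m := DEFERRED.match(line)):
            out["deferred"].add(m.group("path"))
        elif (m := NOT_FOUND.match(line)):
            out["not_found"].add(m.group("path"))
        elif (m := REG_DELETED.match(line)):
            out["registry"].add(m.group("key"))
        elif (m := PREF_REMOVED.match(line)):
            out["prefs"].add((m.group("pref"), m.group("item")))
    return out


def _norm(path):
    return path.lower().rstrip("\\")   # Windows paths compare case-insensitively


def find_recreated(removed, present_paths):
    """Paths OTL moved that exist again in a later listing of the disk."""
    present = {_norm(p) for p in present_paths}
    return sorted(p for p in removed["files"] | removed["folders"] if _norm(p) in present)


def recheck_on_disk(removed):
    """Same check against the live file system; run this on the cleaned machine."""
    candidates = removed["files"] | removed["folders"]
    return find_recreated(removed, [p for p in candidates if os.path.exists(p)])


# Copied from the OTL fix log in the post above (subset).
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Prefs.js: {b6c93c23-5942-481c-be3a-8491107be585}:1.0 removed from extensions.enabledItems
Folder move failed. C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\extensions\{b6c93c23-5942-481c-be3a-8491107be585} scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C86E59C-C4FD-4A19-AED3-D3C1F8277D13}\ deleted successfully.
C:\Windows\System32\defragproxy32.dll moved successfully.
C:\ProgramData\SysWoW32 folder moved successfully.
C:\ProgramData\unrar.exe moved successfully.
File C:\Windows\System32\defragproxy32.dll not found.
C:\Windows\System32\DDOIProxy32.dll moved successfully.
"""

# Constructed: what a directory listing taken after the reboot might contain.
SNAPSHOT_AFTER_REBOOT = [
    r"C:\Windows\System32\ntdll.dll",
    r"C:\ProgramData\SysWoW32",
    r"C:\ProgramData\unrar.exe",
]

if __name__ == "__main__":
    removed = parse_otl_fix_log(SAMPLE_FIX_LOG)
    for path in find_recreated(removed, SNAPSHOT_AFTER_REBOOT):
        print("recreated after fix:", path)
```

A path that comes back within minutes of being moved means something still running (or something started at boot) is dropping it again, so the persistence mechanism has not been removed; that is the point at which to stop moving files and go after the process or loader that writes them.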

#9 Re: Logfile of Trend Micro HijackThis on Thu Apr 08, 2010 3:30 pm

DragonMaster Jay


Site Owner
Go ahead with ComboFix. :)



#10 Re: Logfile of Trend Micro HijackThis on Thu Apr 08, 2010 6:02 pm

linksedge


Member
Ok, I have run Combofix and this is the log:

ComboFix 10-04-07.04 - Nick 08/04/2010 22:55:51.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3071.2236 [GMT 1:00]
Running from: c:\users\Nick\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\users\Nick\AppData\Roaming\020000008480072f869C.manifest
c:\users\Nick\AppData\Roaming\020000008480072f869O.manifest
c:\users\Nick\AppData\Roaming\020000008480072f869P.manifest
c:\users\Nick\AppData\Roaming\020000008480072f869S.manifest
c:\users\Nick\AppData\Roaming\SystemProc
c:\users\Nick\AppData\Roaming\SystemProc\lsass.exe
c:\windows\system32\Data
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 21:47 . 2010-04-08 21:47 -------- d-----w- C:\32788R22FWJFW
2010-04-08 19:19 . 2010-04-08 19:20 -------- d-sh--w- c:\programdata\SysWoW32
2010-04-08 19:19 . 2010-04-08 19:20 -------- d-----w- c:\programdata\707163174
2010-04-08 19:19 . 2010-04-08 19:19 203776 --sh--w- c:\programdata\unrar.exe
2010-04-08 19:14 . 2010-04-08 19:14 -------- d-----w- C:\_OTL
2010-04-08 10:47 . 2010-04-08 10:47 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-08 01:59 . 2010-04-08 01:59 -------- d-----w- c:\program files\Trend Micro
2010-04-06 15:42 . 2010-04-08 19:14 134144 ----a-w- c:\windows\system32\DDOIProxy32.dll
2010-04-01 15:57 . 2010-04-01 15:57 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-01 15:57 . 2010-04-01 15:57 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-01 15:57 . 2010-04-01 15:57 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-01 15:57 . 2010-04-01 15:57 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-01 15:57 . 2010-04-01 15:57 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-01 15:57 . 2010-04-01 15:57 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-01 15:57 . 2010-04-01 15:57 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-01 15:57 . 2010-04-01 15:57 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-01 15:57 . 2010-04-01 15:57 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-01 15:57 . 2010-04-01 15:57 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-01 15:57 . 2010-04-01 15:57 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-01 15:56 . 2010-04-01 15:56 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-01 15:56 . 2010-04-01 15:56 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-03-31 17:11 . 2010-03-31 17:11 -------- d-----w- c:\program files\QuickTime
2010-03-30 21:34 . 2010-03-30 21:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 21:34 . 2010-03-30 21:34 -------- d-----w- c:\program files\Java
2010-03-30 21:05 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-24 19:47 . 2010-03-24 19:48 -------- d-----w- c:\users\Nick\AppData\Local\jZip
2010-03-24 19:46 . 2010-03-24 19:47 -------- d-----w- c:\program files\jZip
2010-03-17 09:54 . 2010-03-17 09:54 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-17 09:54 . 2010-03-17 09:54 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-17 09:54 . 2010-03-17 09:54 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-17 09:54 . 2010-03-17 09:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 19:11 . 2009-11-21 13:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 14:24 . 2009-12-02 18:12 -------- d-----w- c:\program files\Steam
2010-04-06 15:42 . 2010-04-06 15:42 761856 --sha-w- c:\users\Nick\AppData\Roaming\4184.tmp
2010-04-06 15:42 . 2010-04-06 15:42 814592 --sha-w- c:\users\Nick\AppData\Roaming\3BD8.tmp
2010-03-17 09:54 . 2009-11-10 23:38 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 09:54 . 2009-11-10 23:38 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 09:53 . 2009-11-10 23:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-14 16:56 . 2009-11-12 19:42 -------- d-----w- c:\programdata\BioWare
2010-03-14 16:56 . 2009-11-12 19:07 -------- d-----w- c:\programdata\Media Center Programs
2010-03-13 12:03 . 2009-12-02 18:12 -------- d-----w- c:\program files\Common Files\Steam
2010-02-25 17:09 . 2009-11-11 17:12 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-20 21:16 . 2009-11-24 23:28 -------- d-----w- c:\programdata\WinZip
2010-02-18 17:11 . 2010-02-18 17:11 -------- d-----w- c:\program files\iTunes
2010-02-18 17:11 . 2010-02-18 17:11 -------- d-----w- c:\program files\iPod
2010-02-18 17:11 . 2009-11-10 23:43 -------- d-----w- c:\program files\Common Files\Apple
2010-02-18 17:09 . 2010-02-18 17:09 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-11 07:10 . 2010-02-27 19:54 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-02 07:45 . 2010-02-24 22:46 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 23:29 . 2010-02-10 16:56 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 16:56 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 16:56 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 16:56 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 16:56 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 16:56 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 16:56 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 16:56 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-30 762208]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-30 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-01-08 09:55 98304 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-07 08:59 1217872 ----a-w- c:\program files\Steam\steam.exe

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-11 79360]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-17 242696]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-17 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-01-08 233472]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-01-08 36608]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-11-10 464384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\yau9qswo.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-F5D7050v3 - c:\program files\Belkin\F5D7050v3\Belkinwcui.exe
HKLM-Run-NPSStartup - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\System32\DDOIProxy32.dll
.
Completion time: 2010-04-08 23:00:14
ComboFix-quarantined-files.txt 2010-04-08 22:00

Pre-Run: 314,760,732,672 bytes free
Post-Run: 314,678,317,056 bytes free

- - End Of File - - CBB7DA61100A35388C3A5430709F33F4

11 Re: Logfile of Trend Micro HijackThis on Fri Apr 09, 2010 12:55 am

DragonMaster Jay
Site Owner
Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

12 Re: Logfile of Trend Micro HijackThis on Fri Apr 09, 2010 8:05 am

linksedge
Member
Ok, I have done that... here is the log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3970

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/04/2010 13:03:46
mbam-log-2010-04-09 (13-03-46).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 292725
Time elapsed: 1 hour(s), 0 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\ddoiproxy32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\ddoiproxy32.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\707163174 (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\SystemProc\lsass.exe.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Nick\AppData\Roaming\3BD8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Nick\AppData\Roaming\4184.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\DDOIProxy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04082010_201402\C_Windows\System32\DDOIProxy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04082010_201402\C_Windows\System32\defragproxy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
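The MBAM log pasted above has a fixed layout (a count line per category, then a detail section per category). As an added example that is not from this thread or from Malwarebytes, here is a parser for that layout plus two triage checks a helper would run before replying; the sample log is constructed from the thread's findings, with one count deliberately off by one to show the truncation check.

```python
# Added example, not code from the thread or from Malwarebytes: parses MBAM 1.x logs.
import re

# Constructed sample in the MBAM 1.45 layout. Paths and family names echo the
# thread; "Files Infected: 3" is deliberately one more than the lines listed,
# to mimic a paste that was cut short.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Database version: 3970
Scan type: Full scan (C:\|F:\|)
Objects scanned: 292725

Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\ddoiproxy32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\ddoiproxy32.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\707163174 (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\DDOIProxy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Nick\AppData\Roaming\3BD8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned): (.+)$")
COUNT_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")      # summary block
SECTION_RE = re.compile(r"^(?P<cat>.+ Infected):$")                # detail block
HIT_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
                    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return header fields, per-category reported counts and the detections
    actually listed under each category."""
    report = {"header": {}, "counts": {}, "detections": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            report["header"][m.group(1)] = m.group(2)
        elif m := COUNT_RE.match(line):
            report["counts"][m.group("cat")] = int(m.group("n"))
        elif m := SECTION_RE.match(line):
            section = m.group("cat")
            report["detections"][section] = []
        elif section and line != "(No malicious items detected)":
            if m := HIT_RE.match(line):
                report["detections"][section].append(m.groupdict())
    return report

def count_mismatches(report):
    """Categories whose reported count differs from the detections listed;
    anything here usually means the pasted log is incomplete."""
    return sorted(cat for cat, n in report["counts"].items()
                  if n != len(report["detections"].get(cat, [])))

def appinit_dlls(report):
    """DLLs MBAM removed from AppInit_DLLs. That value is loaded into every
    process that maps user32.dll, which is consistent with the ComboFix output
    above listing DDOIProxy32.dll as a module inside winlogon.exe."""
    return [h["data"] for h in report["detections"].get("Registry Data Items Infected", [])
            if h["item"].endswith("AppInit_DLLs")]
```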

13 Re: Logfile of Trend Micro HijackThis on Fri Apr 09, 2010 1:29 pm

DragonMaster Jay
Site Owner
Please re-open MBAM, click the update tab and click Check for Updates.

Then, click the scanner tab, and select Perform Quick Scan, and click on Scan.

Remove selected, reboot if necessary, and then post the log in your next reply.



14 Re: Logfile of Trend Micro HijackThis on Fri Apr 09, 2010 4:47 pm

linksedge
Member
Here is the requested log -


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3973

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/04/2010 21:45:45
mbam-log-2010-04-09 (21-45-45).txt

Scan type: Quick scan
Objects scanned: 107210
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

15 Re: Logfile of Trend Micro HijackThis on Sat Apr 10, 2010 12:48 am

DragonMaster Jay
Site Owner
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

