Answer» Hey, I'm starting to get the hang of this computer stuff. I was able to disable StopZilla at startup and tried the ComboFix again. It ran the very first time! This is the log it produced...
ComboFix 10-10-12.03 - Wayne 10/14/2010 17:38:26.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2031.1262 [GMT -5:00] Running from: c:\documents and settings\Wayne\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Wayne\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
c:\windows\TEMP\q6m3suwq.vbt . ---- Previous Run ------- . c:\windows\system32\ccrpTmr6.dll
. ((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 ))))))))))))))))))))))))))))))) .
2010-10-10 19:10 . 2010-10-10 20:26 -------- d-----w- c:\documents and settings\Wayne\Local Settings\Application Data\Temp 2010-10-07 00:41 . 2010-10-07 00:41 -------- d-----w- c:\program files\7-Zip 2010-10-05 18:22 . 2010-10-05 18:22 -------- d-----w- c:\documents and settings\Wayne\Application Data\Foxit Software 2010-09-29 19:13 . 2010-10-14 22:17 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-09-26 20:50 . 2010-09-26 20:51 -------- d-----w- c:\documents and settings\Wayne\Application Data\PCToolsFirewallPlus 2010-09-26 20:46 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-09-26 20:46 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-09-26 20:45 . 2010-01-07 17:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-09-26 20:44 . 2010-09-26 20:46 -------- d-----w- c:\program files\Common Files\PC Tools 2010-09-26 20:44 . 2010-01-12 14:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2010-09-26 20:44 . 2010-01-07 16:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys 2010-09-26 20:44 . 2010-01-07 16:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys 2010-09-26 20:44 . 2010-01-13 13:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys 2010-09-26 20:44 . 2010-09-28 03:24 -------- d-----w- c:\program files\PC Tools Firewall Plus 2010-09-26 09:53 . 2010-09-26 09:54 -------- d-----w- c:\program files\CCleaner 2010-09-25 15:42 . 2010-09-25 15:42 -------- d-----w- c:\program files\STOPzilla! 2010-09-25 15:42 . 2010-10-14 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2010-09-25 15:42 . 2010-09-25 15:42 -------- d-----w- c:\program files\Common Files\iS3 2010-09-25 05:00 . 2010-09-25 05:00 -------- d-----w- C:\671feffc3b70b88a397bd6f620fbac40 2010-09-24 16:25 . 2010-09-25 19:46 -------- d-----w- c:\program files\UnHackMe 2010-09-24 15:57 . 
2010-09-24 16:26 2 --shatr- c:\windows\winstart.bat 2010-09-24 01:33 . 2010-09-24 01:33 12872 ----a-w- c:\windows\system32\bootdelete.exe 2010-09-24 01:26 . 2010-10-12 00:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-09-24 01:23 . 2010-09-24 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2010-09-24 01:23 . 2010-09-24 01:23 -------- d-----w- c:\program files\Hitman Pro 3.5 2010-09-21 06:28 . 2010-10-07 22:26 -------- d-----w- c:\program files\ESET 2010-09-20 23:08 . 2010-09-20 23:08 546256 ----a-r- c:\windows\system32\SZComp5.dll 2010-09-20 23:08 . 2010-09-20 23:08 22992 ----a-r- c:\windows\system32\SZIO5.dll 2010-09-20 23:08 . 2010-09-20 23:08 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll 2010-09-20 23:08 . 2010-09-20 23:08 99792 ----a-r- c:\windows\system32\IS3Svc5.dll 2010-09-20 23:08 . 2010-09-20 23:08 67024 ----a-r- c:\windows\system32\IS3Hks5.dll 2010-09-20 23:08 . 2010-09-20 23:08 452048 ----a-r- c:\windows\system32\SZBase5.dll 2010-09-20 23:08 . 2010-09-20 23:08 398800 ----a-r- c:\windows\system32\IS3DBA5.dll 2010-09-20 23:08 . 2010-09-20 23:08 28624 ----a-r- c:\windows\system32\IS3XDat5.dll 2010-09-20 23:08 . 2010-09-20 23:08 99792 ----a-r- c:\windows\system32\IS3Inet5.dll 2010-09-20 23:08 . 2010-09-20 23:08 738768 ----a-r- c:\windows\system32\IS3Base5.dll 2010-09-20 23:08 . 2010-09-20 23:08 390608 ----a-r- c:\windows\system32\IS3UI5.dll 2010-09-20 23:08 . 2010-09-20 23:08 230864 ----a-r- c:\windows\system32\IS3Win325.dll 2010-09-16 00:51 . 2010-09-16 00:51 -------- d-----w- c:\program files\WinPcap
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 19:43 . 2008-09-06 19:16 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2008-12-21 19:43 . 2008-09-06 19:16 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-21 19:43 . 2008-09-06 19:16 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2008-12-21 19:43 . 2008-09-06 19:16 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2008-12-21 19:43 . 2008-09-06 19:16 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GOOGLE Update"="c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-10 136176] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-11 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "VTPreset"="VTPreset.exe" [2004-02-25 45056] "BtcMaestro"="c:\program files\KMaestro\KMaestro.exe" [2004-05-05 237568] "EssSpkPhone"="essspk.exe" [2002-05-31 167936] "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-05-20 86016] "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 45056] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-19 805392] Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-10-08 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-19 00:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] =""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cloudmark SpamNet for OE.lnk] backup=c:\windows\pss\Cloudmark SpamNet for OE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dpcstart.lnk] backup=c:\windows\pss\dpcstart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^ClickTray Calendar.lnk] backup=c:\windows\pss\ClickTray Calendar.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1)
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328] R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 11:57 PM 216400] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/27/2008 11:57 PM 243024] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/26/2010 3:45 PM 233136] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67656] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/18/2010 7:46 PM 921440] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/18/2010 7:47 PM 308136] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/29/2010 8:14 PM 20072] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/26/2010 3:46 PM 88040] R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/26/2010 3:44 PM 70664] R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/26/2010 3:44 PM 58816] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/26/2010 3:44 PM 115216] S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328] S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064] S3 nuvaudio;Hauppauge WinTV USB Pro Audio Service;c:\windows\system32\DRIVERS\nuvaudio.sys --> c:\windows\system32\DRIVERS\nuvaudio.sys [?] 
S3 NuVision;Hauppauge WinTV USB Live Pro;c:\windows\system32\drivers\Nuvision.sys [12/19/2002 3:56 PM 260144] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872] S3 USBNDIS;%USBNDIS.Service.DispName%;c:\windows\system32\DRIVERS\usbndis.sys --> c:\windows\system32\DRIVERS\usbndis.sys [?] S4 DPCUSB;Satellite Receiver USB Driver;c:\windows\system32\Drivers\DPCUSB.sys --> c:\windows\system32\Drivers\DPCUSB.sys [?] . Contents of the 'Scheduled Tasks' folder
2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job - c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 19:10]
2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job - c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 19:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.canoe.ca/ uInternet Settings,ProxyOverride = uInternet Settings,ProxyServer = http=localhost:8080 IE: Refresh Pa&ge with Full Quality - c:\program files\MTS Accelerator\pac-page.html IE: Refresh Pi&cture with Full Quality - c:\program files\MTS Accelerator\pac-image.html DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\ FF - prefs.js: browser.startup.homepage - hxxp://en.canoe.ca/home.html FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q= FF - component: c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]\components\PACMozComponent.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . - - - - ORPHANS REMOVED - - - -
Notify-TPSvc - TPSvc.dll AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\documents and settings\Wayne\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\unins000.exe
. --------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}*] "WE6X3HNHJXRI2CPMH2OUMP32VF1"=hex:01,00,01,00,00,00,00,00,6d,db,9e,e2,89,b8,a5, 65,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . --------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3396) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\ieframe.dll c:\program files\KMaestro\HidKeybd.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe c:\program files\PC Tools Firewall Plus\FWService.exe c:\windows\System32\locator.exe c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\windows\essspk.exe c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\STOPzilla!\STOPzilla.exe . ************************************************************************** . COMPLETION time: 2010-10-14 18:09:12 - machine was rebooted ComboFix-quarantined-files.txt 2010-10-14 23:08
Pre-Run: 275,573,174,272 bytes free Post-Run: 275,562,561,536 bytes free
- - End Of File - - DB88A25472011ED62CAB7C60CB122CBB
Jacked again. Ran the OTL scan (Minimal Output, LOP & Purity checked)
OTL logfile created on: 10/14/2010 10:15:19 PM - Run 9 OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\Wayne\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 256.63 Gb Free Space | 86.09% Space Free | Partition Type: NTFS Computer Name: OWNER-X35LSKRDA | User Name: Wayne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Wayne\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\Wayne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.) PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools) PRC - C:\Program Files\MTS Accelerator\PropelAC.exe (Propel Software Corporation) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation) PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC) PRC - C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions) PRC - C:\Program Files\KMaestro\Kmaestro.exe (BTC) PRC - C:\WINDOWS\essspk.exe () PRC - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Wayne\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\KMaestro\HidKeybd.dll (BTC) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools) SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (USBNDIS) -- C:\WINDOWS\System32\DRIVERS\usbndis.sys File not found DRV - (nuvaudio) -- C:\WINDOWS\System32\DRIVERS\nuvaudio.sys File not found DRV - (LMouKE) -- C:\WINDOWS\System32\Drivers\LMouKE.sys File not found DRV - (LHidUsbK) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys File not found DRV - (Dual Mode) -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys File not found DRV - (DPCUSB) -- C:\WINDOWS\System32\Drivers\DPCUSB.sys File not found DRV - (CoachUsb) -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys File not found DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.) 
DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools) DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools) DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools) DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools) DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.) DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.) DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools) DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.) DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.) DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys (SiSoftware) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (eMPIA Technology, Inc.) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) 
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.) DRV - (NuVision) -- C:\WINDOWS\system32\drivers\Nuvision.sys (Hauppauge Computer Works) DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.) DRV - (Edspport) -- C:\WINDOWS\system32\drivers\es56hpi.sys (ESS Technology, Inc.) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) DRV - (VIAPFD) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.) DRV - (ViaIde) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (SnapTHN) -- C:\WINDOWS\System32\drivers\SNAPTHN.SYS (Play Incorporated) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://en.canoe.ca/home.html" FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718 FF - 
prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2008.5.13 FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:1.6.4 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.13 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1 FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/24 19:05:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 23:33:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 23:33:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/29 14:13:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/05 13:21:09 | 000,000,000 | ---D | M] [2010/09/22 13:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions [2010/09/22 13:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/10/14 21:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions [2008/09/07 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected] [2010/09/15 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application 
Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\SearchHelper [2008/05/27 22:59:05 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\dictionary.xml [2010/09/15 19:51:59 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\GoogleFeed.xml [2010/10/14 21:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/05/23 00:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/21 02:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2008/12/20 00:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected] [2008/12/21 14:43:06 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll [2008/12/21 14:43:06 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll [2008/12/21 14:43:06 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll [2008/12/21 14:43:06 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll [2008/12/21 14:43:07 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/10/05 13:18:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2010/10/14 17:53:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\MTS Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation) O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation) O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\Kmaestro.exe (BTC) O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\MTS Accelerator\pac-page.html ()
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\MTS Accelerator\pac-image.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.4285648148 (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\aptera.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\aptera.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/08 09:25:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [ = ComFile] -- "%1" %*
O37 - HKLM\...exe [ = exefile] -- "%1" %*
O37 - HKCU\...exe [ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/14 18:21:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/14 17:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/14 17:35:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 20:52:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 20:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/11 23:42:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
[2010/10/10 14:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Temp
[2010/10/10 00:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Art Stuff
[2010/10/10 00:50:05 | 000,000,000
| ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop Nudes [2010/10/10 00:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Fixed Folder [2010/10/10 00:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\MyStuff [2010/10/10 00:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Recipes [2010/10/10 00:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Temp Pics [2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Video Editing [2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop [2010/10/06 19:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2010/10/05 13:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software [2010/10/03 23:37:50 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/10/03 23:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/10/03 23:13:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/10/03 22:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\New Folder [2010/09/30 20:34:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent [2010/09/29 14:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2010/09/26 15:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus [2010/09/26 15:46:02 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2010/09/26 15:46:02 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2010/09/26 15:45:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2010/09/26 15:44:31 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys [2010/09/26 15:44:31 | 000,058,816 | ---- | C] (PC Tools) -- 
C:\WINDOWS\System32\drivers\pctNdis.sys [2010/09/26 15:44:31 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys [2010/09/26 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2010/09/26 15:44:28 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys [2010/09/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus [2010/09/26 04:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/09/25 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla! [2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3 [2010/09/25 00:00:27 | 000,000,000 | ---D | C] -- C:\671feffc3b70b88a397bd6f620fbac40 [2010/09/24 11:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe [2010/09/24 10:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\RegRun2 [2010/09/23 20:33:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2010/09/23 20:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2010/09/23 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5 [2010/09/21 01:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/09/20 18:08:16 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll [2010/09/20 18:08:16 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll [2010/09/20 18:08:16 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll [2010/09/20 18:08:14 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll [2010/09/20 18:08:14 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll [2010/09/20 18:08:14 | 000,099,792 | R--- | C] (iS3, Inc.) 
-- C:\WINDOWS\System32\IS3Svc5.dll [2010/09/20 18:08:14 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll [2010/09/20 18:08:14 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll [2010/09/20 18:08:12 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll [2010/09/20 18:08:12 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll [2010/09/20 18:08:12 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll [2010/09/20 18:08:12 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll [2010/09/15 19:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2010/05/26 00:21:38 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll [2001/07/06 16:59:54 | 000,372,736 | ---- | C] (Ed Halley - http://www.halley.cc/stuff/) -- C:\Program Files\Dragnifier.exe [24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ] [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/10/14 22:15:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job [2010/10/14 22:04:38 | 000,000,303 | ---- | M] () -- C:\WINDOWS\vuepro32.ini [2010/10/14 22:03:51 | 000,100,660 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Puppy.jpg [2010/10/14 18:18:39 | 066,317,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/10/14 18:10:29 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2010/10/14 17:54:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/14 17:53:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/10/14 17:52:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/14 14:15:01 | 000,000,926 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job [2010/10/14 01:23:39 | 001,066,274 | ---- | M] () -- C:\WINDOWS\aptera.bmp [2010/10/13 20:12:07 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Wayne\Desktop\ComboFix.exe [2010/10/12 15:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/12 00:58:10 | 000,001,257 | ---- | M] () -- C:\WINDOWS\goldwave.ini [2010/10/11 23:43:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe [2010/10/11 19:34:34 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/10/10 15:26:55 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Google Chrome.lnk [2010/10/10 15:26:55 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/10/10 13:33:15 | 000,736,854 | ---- | M] () -- C:\WINDOWS\CNorris.bmp [2010/10/09 23:20:30 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue2.bmp [2010/10/08 00:49:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue.bmp [2010/10/07 18:05:51 | 000,736,854 | ---- | M] () -- C:\WINDOWS\EmmaB.bmp [2010/10/07 14:39:21 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Alicia2.bmp [2010/10/07 00:23:32 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue2.bmp [2010/10/06 13:06:11 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue.bmp [2010/10/05 17:46:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue2.bmp [2010/10/05 14:22:00 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue.bmp [2010/10/05 13:21:29 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2010/10/03 23:37:58 | 000,000,337 | RHS- | M] () -- C:\boot.ini [2010/10/01 23:35:41 | 000,960,054 | ---- | M] () -- C:\WINDOWS\Bugatti.bmp [2010/10/01 14:35:35 | 000,000,657 | ---- | M] () -- C:\Documents and 
Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk [2010/09/30 17:48:29 | 000,979,254 | ---- | M] () -- C:\WINDOWS\ssc-ultimate-aero.bmp [2010/09/30 11:42:57 | 001,274,454 | ---- | M] () -- C:\WINDOWS\Roadster2.bmp [2010/09/30 10:31:47 | 001,200,054 | ---- | M] () -- C:\WINDOWS\Saleen_S7.bmp [2010/09/30 08:43:24 | 001,440,054 | ---- | M] () -- C:\WINDOWS\car0.bmp [2010/09/29 14:13:10 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2010/09/24 11:26:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/09/24 11:26:37 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010/09/24 11:26:37 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat [2010/09/23 20:33:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2010/09/23 17:00:03 | 001,440,998 | ---- | M] () -- C:\WINDOWS\car00.bmp [2010/09/20 18:08:16 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll [2010/09/20 18:08:16 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll [2010/09/20 18:08:16 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll [2010/09/20 18:08:14 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll [2010/09/20 18:08:14 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll [2010/09/20 18:08:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll [2010/09/20 18:08:14 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll [2010/09/20 18:08:14 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll [2010/09/20 18:08:12 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll [2010/09/20 18:08:12 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll [2010/09/20 18:08:12 | 000,230,864 | R--- | M] (iS3, Inc.) 
-- C:\WINDOWS\System32\IS3Win325.dll [2010/09/20 18:08:12 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll [2010/09/20 17:17:05 | 001,296,998 | ---- | M] () -- C:\WINDOWS\car10.bmp [2010/09/20 14:56:40 | 001,440,998 | ---- | M] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp [2010/09/19 14:45:35 | 000,016,826 | -H-- | M] () -- C:\WINDOWS\vuepro32.GID [2010/09/18 15:12:24 | 001,121,798 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron2.bmp [2010/09/18 14:45:20 | 000,896,198 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron.bmp [2010/09/18 02:11:51 | 001,356,054 | ---- | M] () -- C:\WINDOWS\McLaren2.bmp [2010/09/18 01:39:44 | 001,083,398 | ---- | M] () -- C:\WINDOWS\McLaren3.bmp [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/14 18:09:48 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2010/10/14 17:35:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/10/14 17:35:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/10/13 19:52:30 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\Wayne\Desktop\ComboFix.exe [2010/10/13 16:13:31 | 001,066,274 | ---- | C] () -- C:\WINDOWS\aptera.bmp [2010/10/10 15:26:55 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/10/10 15:26:54 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Google Chrome.lnk [2010/10/10 14:10:50 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job [2010/10/10 14:10:50 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job [2010/10/10 13:29:25 | 000,736,854 | ---- | C] () -- C:\WINDOWS\CNorris.bmp [2010/10/08 01:02:05 | 000,736,854 | ---- | C] () -- 
C:\WINDOWS\Preponvue2.bmp [2010/10/07 14:50:51 | 000,736,854 | ---- | C] () -- C:\WINDOWS\EmmaB.bmp [2010/10/07 14:18:08 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Alicia2.bmp [2010/10/07 00:23:32 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue2.bmp [2010/10/05 22:03:47 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue.bmp [2010/10/05 18:59:39 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue.bmp [2010/10/04 19:47:56 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue2.bmp [2010/10/03 23:37:52 | 000,260,272 | RHS- | C] () -- C:\cmldr [2010/10/03 23:13:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/10/03 23:13:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/10/03 23:13:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/10/03 03:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue.bmp [2010/10/01 14:35:35 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk [2010/09/28 18:29:34 | 001,274,454 | ---- | C] () -- C:\WINDOWS\Roadster2.bmp [2010/09/26 15:46:02 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat [2010/09/26 15:46:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat [2010/09/26 15:45:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat [2010/09/26 15:44:31 | 000,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat [2010/09/26 15:44:31 | 000,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat [2010/09/26 15:44:28 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat [2010/09/24 10:57:40 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat [2010/09/23 20:26:06 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/09/23 17:00:03 | 001,440,998 | ---- | C] () -- C:\WINDOWS\car00.bmp [2010/09/22 12:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\car0.bmp [2010/09/20 17:17:05 | 001,296,998 | ---- | C] () -- 
C:\WINDOWS\car10.bmp [2010/09/20 14:56:40 | 001,440,998 | ---- | C] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp [2010/09/18 15:12:25 | 001,121,798 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron2.bmp [2010/09/18 14:45:20 | 000,896,198 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron.bmp [2010/09/18 01:39:44 | 001,083,398 | ---- | C] () -- C:\WINDOWS\McLaren3.bmp [2010/09/18 01:06:40 | 001,356,054 | ---- | C] () -- C:\WINDOWS\McLaren2.bmp [2010/05/26 00:36:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\lagarith.ini [2010/05/10 22:47:00 | 000,000,090 | ---- | C] () -- C:\WINDOWS\huffyuv.ini [2010/04/21 22:46:50 | 000,000,568 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2010/01/17 03:44:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/01/17 03:44:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/01/17 03:44:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/01/17 03:44:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/01/17 03:44:51 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/12/15 00:38:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2009/08/01 20:55:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2009/08/01 20:55:29 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL [2008/05/30 13:31:47 | 007,151,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/02/11 16:39:25 | 000,004,535 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/02/07 00:58:00 | 000,000,846 | ---- | C] () -- C:\WINDOWS\xxclone.ini [2005/05/20 13:25:42 | 000,000,303 | ---- | C] () -- C:\WINDOWS\vuepro32.ini [2005/05/16 19:40:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\System32\imgdatwin.dll [2005/05/16 19:40:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\imgstpath.dll [2005/05/16 
19:39:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll [2005/05/08 19:17:22 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Winapppiobas50.dll [2005/05/08 19:16:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll [2005/05/08 19:16:01 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2004/09/30 18:23:07 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI [2004/09/30 18:15:44 | 000,000,440 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2004/09/06 19:04:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004/08/27 01:00:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\POSTER.INI [2004/08/19 16:33:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2004/07/13 12:12:22 | 000,000,583 | ---- | C] () -- C:\WINDOWS\videoimp.ini [2004/04/06 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\sversion.ini [2004/04/01 12:40:14 | 000,000,263 | ---- | C] () -- C:\WINDOWS\phedit.ini [2004/03/24 15:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jppc.INI [2004/03/19 15:36:51 | 002,270,720 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll [2004/03/19 15:36:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\LFTIF60N.DLL [2004/03/19 15:36:51 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL60N.DLL [2004/03/19 15:36:51 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA60N.DLL [2004/03/19 15:36:50 | 000,141,824 | ---- | C] () -- C:\WINDOWS\LFCMP60N.DLL [2004/03/19 15:36:50 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG60N.DLL [2004/03/19 15:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX60N.DLL [2004/03/19 15:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF60N.DLL [2004/03/19 15:36:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD60N.DLL [2004/03/19 15:36:50 | 000,018,432 | ---- | C] () -- 
C:\WINDOWS\LFRAS60N.DLL [2004/03/19 15:36:18 | 000,399,350 | ---- | C] () -- C:\WINDOWS\ACCUGLD5.DLL [2004/03/19 15:36:18 | 000,026,233 | ---- | C] () -- C:\WINDOWS\ACCUIFGL.DLL [2004/02/09 04:25:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/11/08 18:43:56 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt [2003/07/12 14:19:54 | 000,000,107 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI [2003/05/14 21:48:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\vuesav32.ini [2003/05/14 11:03:50 | 000,004,673 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2003/02/08 21:41:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cosdtp.ini [2003/01/07 00:06:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Magic40.INI [2003/01/01 22:39:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2002/12/23 17:11:27 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2002/12/23 17:11:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini [2002/12/22 20:46:27 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini [2002/12/22 20:46:27 | 000,001,257 | ---- | C] () -- C:\WINDOWS\goldwave.ini [2002/12/22 18:25:52 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [2002/12/21 20:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI [2002/12/21 15:19:17 | 000,007,411 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2002/12/19 15:56:11 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini [2002/12/19 15:04:25 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL [2002/12/19 15:04:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL [2002/12/19 15:04:25 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL [2002/12/19 15:04:02 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL [2002/12/19 00:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI [2002/12/19 00:52:36 | 000,001,871 | ---- | C] () -- C:\WINDOWS\mp3maker.INI [2002/12/19 00:50:45 | 
000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2002/12/18 15:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dpcnav.INI [2002/12/18 15:05:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\inavevnt.dll [2002/12/17 19:49:46 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI [2002/12/17 19:49:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI [2002/12/17 00:20:57 | 000,001,952 | ---- | C] () -- C:\WINDOWS\SCANFX.INI [2002/12/15 20:17:09 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2002/10/30 15:49:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2002/10/08 11:02:24 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2002/10/08 04:14:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2001/07/06 23:47:50 | 000,003,149 | ---- | C] () -- C:\Program Files\ReadMe.txt [1999/10/06 17:48:28 | 000,016,476 | ---- | C] () -- C:\WINDOWS\System32\Snapv16.drv ========== LOP Check ========== [2009/11/18 12:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay [2010/09/23 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2009/01/08 23:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey [2009/07/20 23:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2008/05/31 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2009/07/03 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate [2010/10/14 22:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\STOPzilla! [2010/10/14 17:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/05/03 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2004/09/30 18:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2008/08/08 16:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity [2006/11/27 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\101 Software [2010/06/06 19:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\DeepBurner [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\eBay [2008/02/19 17:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Forte [2009/04/01 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit [2010/10/05 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software [2009/03/07 02:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\GrabPro [2010/09/09 13:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\gtk-2.0 [2009/04/24 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\hott notes 4 [2010/02/18 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\ImTOO Software Studio [2008/09/22 15:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\IrfanView [2009/05/01 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\K-Meleon [2010/07/31 10:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leadertech [2010/01/18 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Wayne\Application Data\Leawo
[2006/11/28 09:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\M8 Software
[2008/01/25 12:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\MP3Rocket
[2010/10/10 14:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Opera
[2009/03/07 03:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Orbit
[2010/09/26 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
[2010/01/13 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Pegasys Inc
[2010/05/11 05:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\STOIK
[2010/09/22 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Thunderbird
[2010/05/03 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Trusteer
[2002/12/18 03:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Ulead Systems
[2008/12/24 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\XnView

========== Purity Check ==========

========== Alternate Data Streams ==========

Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

I've sent a pm to my mentor to look at this problem but it may take a few days for him to respond. I hope this is not too much of an inconvenience to you.

SuperDave, no inconvenience at all. You have been more than patient. I can wait.

Wayne

Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.

I would not insult the intelligence of the kind people on this site, who volunteer their precious time and knowledge, by not doing as much as possible to remedy the problem myself, using the self-help posted here.

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

- Ensure all Firefox browser windows are closed.
- To run the tool, DOUBLE-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
.
Hi SuperDave, I think I may have accidentally cured this problem by experimenting with Firefox. I removed it from my computer completely to see if this bug would somehow migrate to another browser (Chrome). I used it for a few days, with no sign of any hijacking. I then loaded Firefox again, and have been using it for several hours without incident, again, knock on wood. Below is the log...
GooredFix by jpshortstuff (03.07.10.1)
Log created at 02:08 on 21/10/2010 (Wayne)
Firefox version 2.0.0.11 (en-US)
========== GooredScan ==========
(none)
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\ [email protected] [06:31 21/10/2010] {972ce4c6-7e08-4474-a285-3208198ce6fd} [06:31 21/10/2010]
C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\qddlnzpx.default\extensions\ (none)
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] (Key not found)
-=E.O.F=-

Well, that's good news. Let's give it a few days. If it's fixed post back again and we'll do whatever cleanup is necessary.

Hi SuperDave, well I've given it a week of constant surfing so far, and there is no evidence that the bug is still around. I have used three different browsers and found no problem. Thanks kindly for all your patience. You mentioned something about a cleanup?

That's good news. We'll just do some cleanup.
* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
  * Delete the following: ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

**********************************

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.
- Click the CleanUp BUTTON.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

**************************************

Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*****************************************

Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!
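One way to confirm that the cleanup above actually left nothing behind, as an added example that is not part of the original thread and not code shipped with ComboFix, OTL, TFC or GooredFix. It lists the tool files and folders that are still present so they can be deleted by hand, per the note above. It assumes PowerShell is installed (on Windows XP it was an optional download rather than part of the OS), that the tools were saved to the Desktop as the thread describes, and that the folders C:\ComboFix, C:\Qoobox and C:\_OTL are the ones the tools normally create; adjust the list if yours differ.

```powershell
# Added example, not from the original thread or from any of the tools it uses.
# Run after "Combofix /uninstall", OTL's CleanUp and TFC have finished.
# Assumptions: PowerShell is available, the tools were downloaded to the Desktop,
# and the C:\ paths below are the tools' usual working/quarantine folders.

$desktop = [Environment]::GetFolderPath('Desktop')

# Items the cleanup steps are expected to have removed (assumed locations).
$leftovers = @(
    (Join-Path $desktop 'ComboFix.exe'),
    (Join-Path $desktop 'CFScript.txt'),
    (Join-Path $desktop 'OTL.exe'),
    (Join-Path $desktop 'TFC.exe'),
    (Join-Path $desktop 'GooredFix.exe'),
    (Join-Path $desktop 'GooredFix.txt'),
    'C:\ComboFix.txt',
    'C:\ComboFix',
    'C:\Qoobox',
    'C:\_OTL'
)

# Keep only the entries that still exist on disk.
$found = @($leftovers | Where-Object { Test-Path -LiteralPath $_ })

if ($found.Count -eq 0) {
    Write-Host 'Cleanup check: nothing left behind.'
} else {
    Write-Host 'Still present (delete by hand, or rerun this with -Confirm instead of -WhatIf):'
    foreach ($item in $found) {
        Write-Host "  $item"
        # Dry run: -WhatIf only reports what would be deleted and removes nothing.
        # Change -WhatIf to -Confirm to be prompted before each deletion.
        Remove-Item -LiteralPath $item -Recurse -Force -WhatIf
    }
}
```

The script is deliberately a dry run: it only reports, and the Remove-Item calls print what they would delete without doing it. Once the list looks right, replacing -WhatIf with -Confirm deletes each item after a prompt, which matches the "delete it manually" step without risking a typo in a path.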