TechSpot

Trojan.RootKit/Gen.Process detected by SUPERAntiSpyware

By Buzz
Jun 13, 2010
  1. Turned my PC on today and noticed it took a much longer start-up time.
    Went on-line using Firefox as usual ... ADSL connection would hardly work ... changed over to CDMA dongle connection and on-line ok ... but thinking something wrong ... went off-line and scanned with
    Avira - nil result
    MBAM - nil result
    SASpyware - detected Trojan.RootKit/Gen
    I then used my laptop to go on-line and read that others using SASpyware had only deleted the trojan files and that it does not repair damage caused by this Trojan.
    I took no action and closed down SASpyware.

    Decided to contact you guys as best way to go.
    No problems with Steps 1~4, but had major problems when trying to get the gmer.log.
    First time I ran it (in RootKit tab) it crashed windows and I got the BSOD. I had unknowingly left my printer turned-on and also my firewall - ZAlarm (Avira Guard had been deactivated).
    Restarted PC
    (printer and ZA now off, and also then turned off windows firewall)
    Ran the gmer.exe again, but it was just taking ages - seemed like everything was related to ZA and it could have been in some sort of loop.
    Tried with 'Devices' unchecked - same results.
    Decided to delete gmer.exe and re-download (now with different filename) ...
    Ran it again, but after about 30 mins again (log size about 90-odd KB) - I thought something must be wrong ... stopped and saved what it had logged up to that time.

    * Would you like me to copy and paste the MBAM log, GMER log, and DDS logs or attach them?

    many thanks & regards,
    Buzz

    PS: Apologies for the long winded description.
     
  2. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Have read a few of the other recent threads and it seems like it's ok to attach the logs.

    Also, forgot to mention when running GMER my comp froze a few times as well.

    cheers,
    Buzz
     


  3. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    So far looking good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Thanks heaps Broni for your prompt reply.

    ComboFix worked perfectly.

    Have attached the ComboFix.txt
     


  5. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Here you go Broni,
    Thanks very muchly,
    Buzz

    PS: These files are too long - error message - "Please shorten to 20,000 characters long"
    So, will send in parts.

    OTL.txt - part 1

    OTL logfile created on: 15-Jun-10 12:30:01 PM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Buzzzzz\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 250.00 Gb Total Space | 201.81 Gb Free Space | 80.72% Space Free | Partition Type: NTFS
    Drive D: | 48.08 Gb Total Space | 36.15 Gb Free Space | 75.18% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: W-924BCAF39F124
    Current User Name: Buzzzzz
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-06-15 12:27:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
    PRC - [2010-05-26 20:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2010-05-26 20:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2010-05-26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010-05-26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010-04-16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010-04-07 02:44:44 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    PRC - [2010-04-07 02:44:14 | 000,247,856 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2010-04-01 07:24:08 | 000,194,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2010-03-27 02:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008-05-03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    PRC - [2008-04-14 07:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-06-15 12:27:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
    MOD - [2010-05-26 20:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    MOD - [2009-07-12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009-07-12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    MOD - [2008-04-14 07:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010-05-26 20:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV - [2010-05-26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010-04-16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010-04-07 02:44:46 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010-04-07 02:44:14 | 000,247,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2010-04-01 07:24:08 | 000,194,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010-03-27 02:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2009-09-24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
    SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008-12-01 11:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
    SRV - [2008-05-03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -- (NMSAccessU)


    ========== Driver Services (SafeList) ==========

    DRV - [2010-05-26 20:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2009-12-08 12:00:31 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009-09-16 03:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009-09-15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009-09-15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009-09-15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009-07-23 02:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008-04-09 15:36:51 | 000,116,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
    DRV - [2008-04-09 15:36:51 | 000,105,984 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2007-10-25 06:02:00 | 006,864,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2007-10-16 17:38:30 | 004,615,168 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007-09-20 18:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2007-09-20 18:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2007-07-07 14:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2005-08-17 08:04:00 | 000,073,696 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmo_serd.sys -- (cmo_serd) Data Modem @ CDMA Second DS Port (WDM)
    DRV - [2005-08-17 08:02:12 | 000,093,904 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmo_mdm.sys -- (cmo_mdm)
    DRV - [2005-08-17 08:02:06 | 000,008,304 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmo_mdfl.sys -- (cmo_mdfl)
    DRV - [2005-08-17 07:59:56 | 000,058,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmo_bus.sys -- (cmo_bus) Data Modem @ CDMA Composite Device driver (WDM)
    DRV - [2005-01-08 05:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004-08-04 13:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2001-08-18 04:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.spavilla.s5.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
    FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
    FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
    FF - prefs.js..extensions.enabledItems: {3fb63340-652a-11dd-ad8b-0800200c9a66}:3.5.200
    FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.5.4
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
    FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.5.1
    FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5

    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010-06-15 00:13:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-17 03:20:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-22 20:40:01 | 000,000,000 | ---D | M]

    [2008-12-03 01:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Extensions
    [2010-06-15 00:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions
    [2009-10-29 13:35:12 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2010-01-31 13:07:30 | 000,000,000 | ---D | M] (AvantGarde Nightlife) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66}
    [2010-02-10 11:20:46 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [2009-08-03 00:14:29 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2009-10-07 16:37:38 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
    [2010-05-02 07:25:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010-02-14 14:54:41 | 000,000,000 | ---D | M] (AvantGarde Skylight) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
    [2010-01-23 08:34:21 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010-05-13 11:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\cfxe@Triton
    [2010-05-13 11:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\cfxHelper@Triton
    [2010-03-17 19:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\chromifox@altmusictv.com
    [2010-05-02 07:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\foxmarks@kei.com
    [2010-05-06 11:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\Office2007Black@JBBS
    [2010-04-14 12:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\personas@christopher.beard
    [2010-02-10 11:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
    [2010-02-10 11:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010-02-10 11:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
    [2010-02-10 11:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
    [2010-06-15 00:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010-05-22 20:40:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009-11-25 11:16:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
     
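An added example (not from this thread, and not OldTimer's own code) of how an analyst can triage the OTL SafeList lines posted above: it parses the PRC/MOD/SRV/DRV entry format, flags entries with an empty company field or running from a user profile, and picks out registry items OTL marks "File not found". The sample log is constructed in the OTL format, modelled on the log in this thread; the "Example" vendor and the updater.exe entry are invented for the demonstration.

```python
"""Triage helper for the OTL log format: parse SafeList entries and flag
items an analyst would look at first. Added example; not part of OTL."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One SafeList entry (PRC/MOD/SRV/DRV), e.g.
# SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\...\avguard.exe -- (AntiVirService)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>.*?)\) "            # company from PE version info; "()" when absent
    r"(?:\[(?P<state>[^\]]*)\] )?"      # [Start | Status] or [Type | Start | Status]
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"  # service/driver name, optional description after it
)
# Registry items (O2 BHOs, O3 toolbars, ...) whose file is gone from disk.
ORPHAN_RE = re.compile(r"([A-Za-z]:\\.*) File not found$")

# Tools the helper has the user run from the Desktop; not a sign of trouble.
KNOWN_TOOLS = {"otl.exe", "combofix.exe"}


@dataclass
class Entry:
    kind: str
    stamp: str
    size: int
    company: str
    state: Optional[str]
    path: str
    name: Optional[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(kind=m["kind"], stamp=m["stamp"],
                 size=int(m["size"].replace(",", "")),
                 company=m["company"].strip(), state=m["state"],
                 path=m["path"], name=m["name"])


def in_user_profile(path: str) -> bool:
    """True for binaries running out of a user profile or temp dir (XP layout)."""
    p = path.lower()
    return p.startswith("c:\\documents and settings\\") or "\\temp\\" in p


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs in log order; each is a lead, not a verdict."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        orphan = ORPHAN_RE.search(line)
        if orphan:
            findings.append(("orphaned reference", orphan.group(1)))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        if not e.company:
            # No version info at all is unusual for vendor software.
            findings.append(("no company/version info", e.path))
        filename = e.path.rsplit("\\", 1)[-1].lower()
        if in_user_profile(e.path) and filename not in KNOWN_TOOLS:
            findings.append(("runs from user profile", e.path))
    return findings


# Constructed sample in the OTL format (modelled on the log in this thread;
# the "Example" entries and updater.exe are invented for the demonstration).
SAMPLE_LOG = r"""
PRC - [2010-06-15 12:27:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-04-01 07:24:08 | 000,194,608 | ---- | M] () -- C:\Program Files\Example VPN\bin\helper.exe
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-06-01 09:15:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\User\Application Data\updater.exe -- (ExampleUpdater)
DRV - [2005-01-08 05:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-10-16 17:38:30 | 004,615,168 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
O2 - BHO: (Example Safe Search) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\ess.dll File not found
""".strip()

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:26} {path}")
```

Entries it flags still need the usual checks (vendor, hash lookup, on-disk inspection); the point is to shorten a 20,000-character log to the handful of lines worth reading first.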
  7. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    OTL.txt - part 2:


    O1 HOSTS File: ([2010-06-14 13:07:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll File not found
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Buzzzzz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Buzzzzz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008-12-02 10:23:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-12-03 00:57:59 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (64752855394811904)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-06-15 12:27:24 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
    [2010-06-14 13:47:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010-06-14 13:03:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010-06-14 12:59:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010-06-13 18:53:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010-06-13 16:47:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\TFC.exe
    [2010-06-08 17:25:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\IswTmp
    [2010-05-29 01:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\My Documents\ForceField Shared Files
    [2010-05-29 01:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\Application Data\CheckPoint
    [2010-05-29 01:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2010-05-23 03:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\Desktop\Nu Music
    [2010-05-23 00:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2010-05-17 03:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010-05-17 03:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010-05-17 03:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010-05-17 03:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010-05-03 16:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010-03-31 04:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010-03-31 04:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010-03-28 21:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
    [2010-03-28 16:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\My Documents\Phones
    [2010-03-18 00:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\Application Data\mIRC

    ========== Files - Modified Within 90 Days ==========

    [2010-06-15 12:27:37 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-06-15 12:27:37 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-06-15 12:27:37 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-06-15 12:27:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
    [2010-06-15 12:23:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010-06-15 12:23:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-06-15 12:23:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-06-15 12:22:33 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Buzzzzz\NTUSER.DAT
    [2010-06-15 12:11:05 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010-06-15 04:48:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003UA.job
    [2010-06-14 16:48:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003Core.job
    [2010-06-14 13:07:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-06-14 13:07:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-06-14 13:03:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010-06-13 18:53:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
    [2010-06-13 18:53:04 | 3220,340,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010-06-13 16:47:28 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\TFC.exe
    [2010-06-12 13:32:00 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-06-12 03:43:07 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-06-10 12:45:41 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-06-10 04:44:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010-06-07 16:44:02 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TOTadsl.lnk
    [2010-06-06 15:10:35 | 011,048,840 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\veetle-0.9.17.exe
    [2010-06-03 19:38:01 | 009,569,843 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\2011 Crossbow & Nomad.zip
    [2010-05-31 18:07:43 | 006,447,383 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\ck product board.pdf.zip
    [2010-05-30 15:18:32 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\PUTTY.RND
    [2010-05-30 15:16:00 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010-05-30 12:35:13 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\Shortcut to ProcessExplorer.zip.lnk
    [2010-05-29 13:33:13 | 000,473,743 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\UltraStream.zip
    [2010-05-29 01:26:07 | 000,421,531 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010-05-29 01:25:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010-05-26 14:13:03 | 000,166,652 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\addvertising-from-Cox.jpg
    [2010-05-23 00:01:55 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GoodSync.lnk
    [2010-05-22 22:58:12 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\TaskManager procexp.exe.lnk
    [2010-05-18 16:08:08 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010-05-18 16:08:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010-05-15 00:19:41 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010-05-03 16:36:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-04-22 16:55:28 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\CabLogo.gif
    [2010-03-28 21:47:03 | 000,341,811 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\Everything-1.2.1.371.exe
    [2010-03-25 16:18:43 | 000,020,986 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\Free Stock ListMar25.zip
    [2010-03-18 14:15:02 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\Main web page www.doc
    [2010-03-17 16:17:47 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\My Documents\SAMUI TIDE March2010.doc

    ========== Files Created - No Company Name ==========

    [2010-06-14 13:03:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010-06-14 13:03:41 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010-06-13 18:53:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2010-06-07 16:44:02 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TOTadsl.lnk
    [2010-06-06 15:02:17 | 011,048,840 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\veetle-0.9.17.exe
    [2010-06-03 19:35:00 | 009,569,843 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\2011 Crossbow & Nomad.zip
    [2010-05-31 18:04:27 | 006,447,383 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\ck product board.pdf.zip
    [2010-05-30 12:35:13 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\Shortcut to ProcessExplorer.zip.lnk
    [2010-05-29 13:38:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\PUTTY.RND
    [2010-05-29 13:33:04 | 000,473,743 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\UltraStream.zip
    [2010-05-26 14:13:03 | 000,166,652 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\addvertising-from-Cox.jpg
    [2010-05-22 22:58:12 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\TaskManager procexp.exe.lnk
    [2010-05-17 03:22:07 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010-05-15 00:19:41 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010-05-03 16:36:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010-04-22 16:55:28 | 000,002,105 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\CabLogo.gif
    [2010-03-28 21:46:51 | 000,341,811 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\Everything-1.2.1.371.exe
    [2010-03-26 16:43:53 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003UA.job
    [2010-03-26 16:43:53 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003Core.job
    [2010-03-25 16:18:43 | 000,020,986 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\Free Stock ListMar25.zip
    [2010-03-17 16:17:47 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\My Documents\SAMUI TIDE March2010.doc
    [2009-10-03 16:48:45 | 000,000,141 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009-01-08 01:20:14 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009-01-08 01:20:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009-01-08 01:20:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009-01-08 01:20:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009-01-08 01:20:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009-01-08 01:20:12 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009-01-08 01:20:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008-12-04 01:27:46 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2008-12-03 19:13:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
    [2008-12-02 10:40:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007-10-25 06:02:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007-10-25 06:02:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007-10-25 06:02:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007-10-25 06:02:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007-10-25 06:02:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2003-01-07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009-06-12 12:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2009-11-16 12:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009-12-21 00:45:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009-12-21 00:54:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2009-12-21 03:37:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2010-05-23 00:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2009-10-29 00:27:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
    [2010-02-14 01:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2010-05-17 03:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009-09-10 23:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009-07-22 03:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010-02-08 17:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Canon
    [2010-05-29 01:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\CheckPoint
    [2010-02-14 02:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\CopyTransPhoto
    [2010-01-09 01:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\FireShot
    [2009-08-03 00:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Foxit
    [2009-09-04 00:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Foxit Software
    [2010-05-23 00:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\GoodSync
    [2010-02-21 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\IObit
    [2009-10-03 15:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\LimeWire
    [2010-05-02 06:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Thai2English
    [2010-06-15 03:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\uTorrent
    [2010-02-14 01:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\WindSolutions

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2001-05-24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008-12-03 07:47:34 | 000,237,568 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008-12-03 00:41:44 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2008-12-03 07:47:34 | 014,680,064 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008-12-03 07:47:35 | 004,718,592 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
     
  8. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Extras.txt - part 1:

    OTL Extras logfile created on: 15-Jun-10 12:30:02 PM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Buzzzzz\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 250.00 Gb Total Space | 201.81 Gb Free Space | 80.72% Space Free | Partition Type: NTFS
    Drive D: | 48.08 Gb Total Space | 36.15 Gb Free Space | 75.18% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: W-924BCAF39F124
    Current User Name: Buzzzzz
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] --

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
     
  9. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Extras.txt - part 2:


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
    "{279ECFF8-5EB9-4307-AD3D-AD7848648ECF}" = GoogleDesktop
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846442ED-CE63-445D-914E-71F2B7EE5D7F}_is1" = Altysoft Free Video Converter 2.0
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABB4B2BE-EE73-4433-AA3E-258A755C3A4E}_is1" = Thai2English
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7E24A54-57A8-4137-B3F4-C7A0B26BB5BB}" = C-motech Connection Manager(CCU650)
    "{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner (remove only)
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Everything" = Everything 1.2.1.371
    "ffdshow_is1" = ffdshow [rev 735] [2007-01-02]
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Reader" = Foxit Reader
    "HijackThis" = HijackThis 2.0.2
    "HotspotShield" = Hotspot Shield 1.41
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "Smart Defrag_is1" = Smart Defrag
    "The KMPlayer" = The KMPlayer (remove only)
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinX DVD Author_is1" = WinX DVD Author 5.5.8
    "ZoneAlarm" = ZoneAlarm
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "c1f708ccb06b460f" = unikode for Thai
    "Google Chrome" = Google Chrome
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 14-Jun-10 12:58:07 PM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 15-Jun-10 1:00:17 AM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 15-Jun-10 1:00:17 AM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 15-Jun-10 1:00:22 AM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 15-Jun-10 1:00:22 AM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 15-Jun-10 1:11:05 AM | Computer Name = W-924BCAF39F124 | Source = Google Update | ID = 20
    Description =

    Error - 15-Jun-10 1:23:21 AM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 15-Jun-10 1:23:23 AM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 15-Jun-10 1:23:35 AM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 15-Jun-10 1:23:37 AM | Computer Name = W-924BCAF39F124 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    [ System Events ]
    Error - 13-Jun-10 5:53:31 AM | Computer Name = W-924BCAF39F124 | Source = Service Control Manager | ID = 7034
    Description = The Hotspot Shield Monitoring Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 13-Jun-10 5:53:31 AM | Computer Name = W-924BCAF39F124 | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 13-Jun-10 5:53:31 AM | Computer Name = W-924BCAF39F124 | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 13-Jun-10 5:53:31 AM | Computer Name = W-924BCAF39F124 | Source = Service Control Manager | ID = 7034
    Description = The NMSAccessU service terminated unexpectedly. It has done this
    1 time(s).

    Error - 13-Jun-10 7:53:56 AM | Computer Name = W-924BCAF39F124 | Source = System Error | ID = 1003
    Description = Error code 1000008e, parameter1 c0000005, parameter2 00030030, parameter3
    8715df9c, parameter4 00000000.

    Error - 14-Jun-10 2:48:46 AM | Computer Name = W-924BCAF39F124 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 14-Jun-10 4:45:27 AM | Computer Name = W-924BCAF39F124 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 14-Jun-10 4:48:34 AM | Computer Name = W-924BCAF39F124 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.3 for the Network Card with network
    address 0021853BFF19 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 14-Jun-10 12:59:52 PM | Computer Name = W-924BCAF39F124 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 15-Jun-10 1:16:42 AM | Computer Name = W-924BCAF39F124 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.3 for the Network Card with network
    address 0021853BFF19 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
      [2010-06-13 18:53:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "AntiVirusOverride" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  11. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found not found.
    C:\WINDOWS\system32\cd.dat moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Buzzzzz
    ->Temp folder emptied: 3617365 bytes
    ->Temporary Internet Files folder emptied: 19096346 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 106339700 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Flash cache emptied: 2122 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 1982216 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 1981900 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1034184 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 295643 bytes

    Total Files Cleaned = 129.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Buzzzzz
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.0 log created on 06152010_125749

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Buzzzzz\Local Settings\Temp\~DFEAD1.tmp moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT06677.TMP not found!

    Registry entries deleted on Reboot...
     
  12. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    QuickScan log - part 1


    OTL logfile created on: 15-Jun-10 1:02:35 PM - Run 2
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Buzzzzz\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 250.00 Gb Total Space | 201.84 Gb Free Space | 80.74% Space Free | Partition Type: NTFS
    Drive D: | 48.08 Gb Total Space | 36.15 Gb Free Space | 75.18% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: W-924BCAF39F124
    Current User Name: Buzzzzz
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-06-15 12:27:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
    PRC - [2010-05-26 20:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2010-05-26 20:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2010-05-26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010-05-26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010-04-16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010-04-07 02:44:44 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    PRC - [2010-04-07 02:44:14 | 000,247,856 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2010-04-01 07:24:08 | 000,194,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2010-03-27 02:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008-05-03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    PRC - [2008-04-14 07:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-06-15 12:27:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
    MOD - [2010-05-26 20:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    MOD - [2009-07-12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009-07-12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    MOD - [2008-04-14 07:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010-05-26 20:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV - [2010-05-26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010-04-16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010-04-07 02:44:46 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010-04-07 02:44:14 | 000,247,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2010-04-01 07:24:08 | 000,194,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010-03-27 02:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2009-09-24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
    SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008-12-01 11:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
    SRV - [2008-05-03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -- (NMSAccessU)


    ========== Driver Services (SafeList) ==========

    DRV - [2010-05-26 20:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2009-12-08 12:00:31 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009-09-16 03:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009-09-15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009-09-15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009-09-15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009-07-23 02:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008-04-09 15:36:51 | 000,116,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
    DRV - [2008-04-09 15:36:51 | 000,105,984 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2007-10-25 06:02:00 | 006,864,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2007-10-16 17:38:30 | 004,615,168 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007-09-20 18:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2007-09-20 18:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2007-07-07 14:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2005-08-17 08:04:00 | 000,073,696 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmo_serd.sys -- (cmo_serd) Data Modem @ CDMA Second DS Port (WDM)
    DRV - [2005-08-17 08:02:12 | 000,093,904 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmo_mdm.sys -- (cmo_mdm)
    DRV - [2005-08-17 08:02:06 | 000,008,304 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmo_mdfl.sys -- (cmo_mdfl)
    DRV - [2005-08-17 07:59:56 | 000,058,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmo_bus.sys -- (cmo_bus) Data Modem @ CDMA Composite Device driver (WDM)
    DRV - [2005-01-08 05:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004-08-04 13:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2001-08-18 04:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.spavilla.s5.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
    FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
    FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
    FF - prefs.js..extensions.enabledItems: {3fb63340-652a-11dd-ad8b-0800200c9a66}:3.5.200
    FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.5.4
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
    FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.5.1
    FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5

    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010-06-15 00:13:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-17 03:20:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-22 20:40:01 | 000,000,000 | ---D | M]

    [2008-12-03 01:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Extensions
    [2010-06-15 00:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions
    [2009-10-29 13:35:12 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2010-01-31 13:07:30 | 000,000,000 | ---D | M] (AvantGarde Nightlife) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66}
    [2010-02-10 11:20:46 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [2009-08-03 00:14:29 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2009-10-07 16:37:38 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
    [2010-05-02 07:25:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010-02-14 14:54:41 | 000,000,000 | ---D | M] (AvantGarde Skylight) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
    [2010-01-23 08:34:21 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010-05-13 11:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\cfxe@Triton
    [2010-05-13 11:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\cfxHelper@Triton
    [2010-03-17 19:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\chromifox@altmusictv.com
    [2010-05-02 07:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\foxmarks@kei.com
    [2010-05-06 11:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\Office2007Black@JBBS
    [2010-04-14 12:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\personas@christopher.beard
    [2010-02-10 11:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
    [2010-02-10 11:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010-02-10 11:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
    [2010-02-10 11:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
    [2010-06-15 00:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010-05-22 20:40:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009-11-25 11:16:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
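The PRC/SRV/DRV lines above all share one layout, and the things a malware helper looks for in them (an empty company field like the Hotspot Shield and NMSAccessU entries, an auto-start service with no publisher, a service image that is a DLL such as vjocx.dll, anything loading from a user-writable folder) can be pulled out mechanically. The script below is an added example written for this thread; it is not part of OTL and was not posted by anyone in the thread. It assumes the line shape seen in this OTL 3.2.6.0 output, and the sample input is a handful of lines copied from the QuickScan log above. Its hits are review items, not verdicts: a missing CompanyName only means the version resource has none, and OTL.exe on the Desktop trips the user-writable rule exactly as a dropper would, so confirm every hit by hash or signature before acting on it.

```python
"""Triage helper for OTL (OldTimer) scan logs.

Added example for this thread, not code from OTL or from the thread's posters.
Parses PRC / MOD / SRV / DRV lines of an OTL QuickScan and attaches review
reasons to entries worth a second look.  The assumed line layout is the one in
the OTL 3.2.6.0 log above:

  KIND - [mtime | size | attrs | M] (Company) [state] -- path -- (ServiceName) description
"""
import re
from dataclasses import dataclass, field

OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| (?P<stamp>[CM])\] "
    r"\((?P<company>.*?)\)"            # non-greedy so "(Windows (R) Server 2003 DDK provider)" survives
    r"(?: \[(?P<state>[^\]]*)\])?"     # PRC/MOD lines carry no [Auto | Running] block
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svcname>[^)]*)\)(?P<desc>.*))?$"
)

# Locations an unprivileged user can write to.  A service or driver loading from
# here is a classic persistence smell; a scanner dropped on the Desktop (OTL.exe
# itself, below) trips the same rule, so hits are review items, not verdicts.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\local settings\\",
                 "\\application data\\", "\\temp\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str
    company: str
    state: str
    path: str
    svcname: str
    size: int
    reasons: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a PRC/MOD/SRV/DRV line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Entry(kind=g["kind"],
                 company=g["company"].strip(),          # OTL sometimes emits "( Vendor)"
                 state=g["state"] or "",
                 path=g["path"].strip(),
                 svcname=(g["svcname"] or "").strip(),
                 size=int(g["size"].replace(",", "")))


def triage(entry: Entry) -> Entry:
    """Attach human-readable reasons for manual review; an empty list means nothing notable."""
    low = entry.path.lower()
    autostart = any(s in entry.state for s in ("Auto", "Boot", "System"))
    if not entry.company:
        # Only means the version resource has no CompanyName; legitimate
        # software (Hotspot Shield in this log) lacks one too.
        entry.reasons.append("no publisher string in version info")
    if any(d in low for d in USER_WRITABLE):
        entry.reasons.append("loaded from a user-writable location")
    if entry.kind in ("SRV", "DRV") and autostart and not entry.company:
        entry.reasons.append("auto-start service/driver with no publisher")
    if entry.kind == "SRV" and low.endswith(".dll"):
        entry.reasons.append("service image is a DLL hosted in another process")
    return entry


def triage_log(text: str) -> list:
    """Parse every recognised line of an OTL log and run triage on each."""
    entries = [parse_line(line) for line in text.splitlines()]
    return [triage(e) for e in entries if e is not None]


# Constructed sample: lines copied from the QuickScan log in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2010-06-15 12:27:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
PRC - [2010-04-07 02:44:44 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
========== Win32 Services (SafeList) ==========
SRV - [2010-05-26 20:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009-09-24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008-05-03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -- (NMSAccessU)
========== Driver Services (SafeList) ==========
DRV - [2009-09-15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007-10-16 17:38:30 | 004,615,168 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-01-08 05:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        if e.reasons:
            print(f"{e.kind} {e.path}\n    " + "; ".join(e.reasons))
```

Run it over a saved OTL.txt instead of the sample by reading the file into triage_log. On the sample it reports four entries: OTL.exe (user-writable location), openvpntray.exe (no publisher), vjocx.dll (DLL-hosted service) and NMSAccessU.exe (no publisher and auto-start), while the Check Point, SUPERAntiSpyware, Realtek and DDK-built drivers pass clean. All four hits in this thread are known software; the value of the script is that it turns a 300-line log into a short list to verify, not that it decides anything.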
     
  13. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    QuickScan Log - part 2


    O1 HOSTS File: ([2010-06-15 12:57:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll File not found
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Buzzzzz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Buzzzzz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008-12-02 10:23:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-06-15 12:57:49 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010-06-15 12:27:24 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
    [2010-06-14 13:47:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010-06-14 13:03:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010-06-14 12:59:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010-06-13 18:53:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010-06-13 16:47:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\TFC.exe
    [2010-06-08 17:25:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\IswTmp
    [2010-05-29 01:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\My Documents\ForceField Shared Files
    [2010-05-29 01:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\Application Data\CheckPoint
    [2010-05-29 01:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2010-05-23 03:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\Desktop\Nu Music
    [2010-05-23 00:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2010-05-17 03:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010-05-17 03:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010-05-17 03:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010-05-17 03:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010-05-03 16:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010-03-31 04:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010-03-31 04:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010-03-28 21:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
    [2010-03-28 16:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\My Documents\Phones
    [2010-03-18 00:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buzzzzz\Application Data\mIRC

    ========== Files - Modified Within 90 Days ==========

    [2010-06-15 13:03:36 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-06-15 13:03:36 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-06-15 13:03:36 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-06-15 12:59:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
    [2010-06-15 12:59:06 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010-06-15 12:59:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-06-15 12:58:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-06-15 12:58:13 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Buzzzzz\NTUSER.DAT
    [2010-06-15 12:57:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010-06-15 12:48:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003UA.job
    [2010-06-15 12:27:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\OTL.exe
    [2010-06-15 12:11:05 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010-06-14 16:48:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003Core.job
    [2010-06-14 13:07:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-06-14 13:03:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010-06-13 18:53:04 | 3220,340,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010-06-13 16:47:28 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buzzzzz\Desktop\TFC.exe
    [2010-06-12 13:32:00 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-06-12 03:43:07 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-06-10 12:45:41 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-06-10 04:44:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010-06-07 16:44:02 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TOTadsl.lnk
    [2010-06-06 15:10:35 | 011,048,840 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\veetle-0.9.17.exe
    [2010-06-03 19:38:01 | 009,569,843 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\2011 Crossbow & Nomad.zip
    [2010-05-31 18:07:43 | 006,447,383 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\ck product board.pdf.zip
    [2010-05-30 15:18:32 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\PUTTY.RND
    [2010-05-30 15:16:00 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010-05-30 12:35:13 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\Shortcut to ProcessExplorer.zip.lnk
    [2010-05-29 13:33:13 | 000,473,743 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\UltraStream.zip
    [2010-05-29 01:26:07 | 000,421,531 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010-05-29 01:25:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010-05-26 14:13:03 | 000,166,652 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\addvertising-from-Cox.jpg
    [2010-05-23 00:01:55 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GoodSync.lnk
    [2010-05-22 22:58:12 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\TaskManager procexp.exe.lnk
    [2010-05-18 16:08:08 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010-05-18 16:08:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010-05-15 00:19:41 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010-05-03 16:36:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-04-22 16:55:28 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\CabLogo.gif
    [2010-03-28 21:47:03 | 000,341,811 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\Everything-1.2.1.371.exe
    [2010-03-25 16:18:43 | 000,020,986 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\Free Stock ListMar25.zip
    [2010-03-18 14:15:02 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\Desktop\Main web page www.doc
    [2010-03-17 16:17:47 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Buzzzzz\My Documents\SAMUI TIDE March2010.doc

    ========== Files Created - No Company Name ==========

    [2010-06-15 12:59:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2010-06-14 13:03:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010-06-14 13:03:41 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010-06-07 16:44:02 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TOTadsl.lnk
    [2010-06-06 15:02:17 | 011,048,840 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\veetle-0.9.17.exe
    [2010-06-03 19:35:00 | 009,569,843 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\2011 Crossbow & Nomad.zip
    [2010-05-31 18:04:27 | 006,447,383 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\ck product board.pdf.zip
    [2010-05-30 12:35:13 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\Shortcut to ProcessExplorer.zip.lnk
    [2010-05-29 13:38:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\PUTTY.RND
    [2010-05-29 13:33:04 | 000,473,743 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\UltraStream.zip
    [2010-05-26 14:13:03 | 000,166,652 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\addvertising-from-Cox.jpg
    [2010-05-22 22:58:12 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\TaskManager procexp.exe.lnk
    [2010-05-17 03:22:07 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010-05-15 00:19:41 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010-05-03 16:36:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010-04-22 16:55:28 | 000,002,105 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\CabLogo.gif
    [2010-03-28 21:46:51 | 000,341,811 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\Everything-1.2.1.371.exe
    [2010-03-26 16:43:53 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003UA.job
    [2010-03-26 16:43:53 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003Core.job
    [2010-03-25 16:18:43 | 000,020,986 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\Desktop\Free Stock ListMar25.zip
    [2010-03-17 16:17:47 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\Buzzzzz\My Documents\SAMUI TIDE March2010.doc
    [2009-10-03 16:48:45 | 000,000,141 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009-01-08 01:20:14 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009-01-08 01:20:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009-01-08 01:20:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009-01-08 01:20:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009-01-08 01:20:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009-01-08 01:20:12 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009-01-08 01:20:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008-12-04 01:27:46 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2008-12-03 19:13:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
    [2008-12-02 10:40:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007-10-25 06:02:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007-10-25 06:02:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007-10-25 06:02:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007-10-25 06:02:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007-10-25 06:02:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2003-01-07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009-06-12 12:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2009-11-16 12:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009-12-21 00:45:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009-12-21 00:54:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2009-12-21 03:37:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2010-05-23 00:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2009-10-29 00:27:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
    [2010-02-14 01:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2010-05-17 03:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009-09-10 23:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009-07-22 03:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010-02-08 17:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Canon
    [2010-05-29 01:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\CheckPoint
    [2010-02-14 02:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\CopyTransPhoto
    [2010-01-09 01:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\FireShot
    [2009-08-03 00:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Foxit
    [2009-09-04 00:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Foxit Software
    [2010-05-23 00:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\GoodSync
    [2010-02-21 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\IObit
    [2009-10-03 15:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\LimeWire
    [2010-05-02 06:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\Thai2English
    [2010-06-15 03:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\uTorrent
    [2010-02-14 01:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buzzzzz\Application Data\WindSolutions

    ========== Purity Check ==========


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Good :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  15. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    All good I think so far Broni ... Kaspersky didn't find any threats.

    Last time I did an iTunes update it installed bonjour.exe automatically - I googled it, and it seems like it's hard to delete it all - what do you think ? ... should I delete it - if so, how ?
    Once again, thanks so much for your excellent support !
    cheers for now,
    Buzz

    PS: I like my iPhone, but hate Apple's control by insisting iTunes etc...




    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, June 16, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, June 16, 2010 03:23:50
    Records in database: 4284652
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Objects scanned: 59945
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 00:54:52

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    I don't like it either, but not a big deal.
    If you insist, here is how to remove it: http://www.raymond.cc/blog/archives/2008/02/10/how-to-uninstall-or-remove-bonjour-mdnsresponderexe/

    =========================================================================

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ======================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
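    Added example, not from this thread or its tools: the restore-point reset described in steps 1 to 3 above, scripted with the System Restore cmdlets that ship with Windows PowerShell 2.0 and later on client editions of Windows. It assumes an elevated prompt; the drive letter and the checkpoint description are assumptions.

```powershell
# Added example (not code from the thread): flush every existing restore point
# after a cleanup, re-enable System Restore and create one known-clean baseline.
# Assumes Windows PowerShell 2.0+ on a client Windows edition, run elevated.
$Drive       = "C:\"                                   # assumed system drive
$Description = "Clean baseline after malware removal"  # assumed label

# System Restore changes need administrator rights; fail early if we lack them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell prompt."
}

# Record the points that exist now; these are the ones that may carry the
# infection. The cmdlet errors out if System Restore is already off, so ignore that.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host ("Restore points before reset: {0}" -f $before.Count)

# Turning protection off discards the existing restore points for the drive,
# which is exactly the warning the GUI shows in the steps above.
Disable-ComputerRestore -Drive $Drive
Enable-ComputerRestore  -Drive $Drive

# Fresh checkpoint taken while the machine is known clean.
Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS"

# Verify the reset: nothing but the new baseline should remain. If older points
# survived (behaviour differs between Windows versions), say so rather than
# silently trusting a restore point that predates the cleanup.
$after = @(Get-ComputerRestorePoint)
$stale = @($after | Where-Object { $_.Description -ne $Description })
if ($stale.Count -gt 0) {
    Write-Warning "Old restore points survived the reset; do not restore to these:"
    $stale | Format-Table SequenceNumber, Description, CreationTime -AutoSize
} else {
    Write-Host ("Reset OK; fresh baseline is sequence #{0}" -f $after[0].SequenceNumber)
}
```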
     
  17. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Thanks heaps Broni !!!

    However, when I ran OTL cleanup - all was going well - started reboot and just as my comp had been turned-off and then was just about to re-start, the electric went off !

    When I turned my comp back on, the OTL.exe was missing from my desk-top.

    I was going to do the system restore procedure you sent, but thought better to check with you first - as I don't know if the OTL completed its job or not ?
    Should I repeat the OTL clean-up (would have to download OTL again) ?

    many many thanks and regards from a tropical island in the south of Thailand,
    Buzz
     
  18. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    You're very welcome :)

    Yes, please.

    Never use System Restore on a just-cleaned-up computer, because, most likely, some restore points are infected.
    That's why, in the next step after OTL Cleanup, you're supposed to reset restore points.
     
  19. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    All done Broni !
    Doing the new passwords was the hardest/longest bit ... haha

    I need to get some software, and if you could tip me in the right direction for the following, muchly appreciated.
    1. good back-up program (I already have GoodSync, but never used it)
    2. good software updater program
    3. better windows explorer than windows explorer
    4. maybe, duplicate file finder - for a decent clean-up

    All in all, apart from the time-lag between us, I'm stoked with your service !
    thanks again,
    Buzz
     
  20. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    You're very welcome :)

    1. The best back up is to create hard drive image:

    Acronis True Image: http://www.acronis.com/ - not free, but the best

    Free alternatives:
    - Macrium Reflect: http://www.macrium.com/ReflectFree.asp
    - DriveImage XML: http://www.runtime.org/driveimage-xml.htm (tutorial: http://www.bleepingcomputer.com/tutorials/tutorial160.html)
    - SelfImage: http://www.excelcia.org/modules.php?name=News&file=article&sid=21
    - Paragon Drive Backup: http://www.paragon-software.com/home/db-express/

    2. FileHippo.com Update Checker: http://www.filehippo.com/updatechecker/

    3. There are many out there. I still simply use Windows Explorer, but you may want to check Q-Dir: http://www.softwareok.com/?seite=freeware/q-dir

    4. Duplicate file finder is usually a bad idea. Too risky, since you can remove a legit file.
    For instance, many of the same Windows files are located in different locations.
    TFC, which you just used, is all you need for cleanup.

    Good luck and stay safe :)
     
  21. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Thanks heaps again Broni for all the advice and time taken - muchly appreciated.

    I got a bit worried when I had another slow start up this morning ...

    Avira had picked up some possible malware, I think it said (it flashed up so quickly) - and advised 'deny access', which I did. Then did a scan with Avira about an hour prior to shut-down last night. All ok.

    After slow start-up in the morning, I updated Avira, MBAM, Spybot. Could not update SuperAntiSpyware - said my ZA firewall was preventing it - turned it off and Windows firewall on, and same message ?
    (Should I un-install and then re-install SAS ?)
    MBAM - scan ok
    Spybot - scan 26 tracking cookies - fixed
    SAS - scan 15 tracking cookies - fixed

    then did a defrag ... reboot ... and after using PC for a while shut-down.
    Start-up later in the day fine ... comp seems to be working fine ...

    cheers,
    Buzz
     
  22. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    You can surely give it a shot.

    Tracking cookies are OK, just text files, nothing malicious.
     
  23. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    All ok Broni ...

    Updates for SAS suddenly started to work so no need to re-install.

    Thanks for everything and all your time !

    If you ever get over to this part of the world - let me know as I have some nice Villas.
    cheers,
    Buzz
     
  24. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    I'll be looking into stopping by Thailand :)
     
  25. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Just let me know when ... :)
     