Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
Can someone please help

jaktunner (Junior Member, joined 08 Feb 2012, 10 posts), posted Wed Feb 08, 2012 9:11 am. Subject: Can someone please help

I have been dealing with a very serious annoyance for the past few days. It started about 3 days ago after my wife got off the computer to go to work. Here is my problem:

Every time I use Google or any other search engine I get redirected when clicking any links; the site that redirects me is Allertsearch.net, and it then redirects me again, sometimes to a third or even fourth site. I have done many searches to find out what is going on, and almost every site I visit says it is a virus or malware program and offers a system tool to fix it. I don't have the money to be dropping on programs constantly, so I was hoping you guys could help me out, because you have done so in the past.

This isn't the original site I used to post on, so I don't know what you guys want me to post, but I have 3 different log files.

DDS notepad:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Cas Mark at 10:02:16 on 2012-02-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.261 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\sand\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
E:\PCDoctor\KSafeSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
E:\PCDoctor\KSafeTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [KSafeTray] "e:\pcdoctor\KSafeTray.exe" -autorun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{F6B72412-0347-4D0F-B574-CE3457DBB3F1} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
Hosts: 94.63.240.163 www.google.com
Hosts: 94.63.240.164 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cas mark\application data\mozilla\firefox\profiles\8cc3sx5j.default\
FF - plugin: c:\documents and settings\cas mark\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-7-13 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-7-13 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-7-13 13616]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-8 435032]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 KSafeSvc;KSafe service;e:\pcdoctor\KSafeSvc.exe [2011-12-6 452000]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.17.20\SymcPCCULaunchSvc.exe [2012-1-14 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.17.20\ccSvcHst.exe [2012-1-14 126392]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 SbieDrv;SbieDrv;e:\sand\SbieDrv.sys [2011-11-23 131856]
RUnknown aswSP;aswSP; [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
UnknownUnknown aswFsBlk;aswFsBlk; [x]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-01-28 00:47:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 07:48:41 44 ----a-w- c:\windows\system32\msssc.dll
2011-11-26 20:33:44 644400 ----a-w- c:\windows\system32\mscomct2.ocx
2011-11-25 21:56:26 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:20:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:20:51 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 10:03:29.03 ===============

Attach (from DDS):

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2012 12:26:52 AM
System Uptime: 2/8/2012 7:19:06 AM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 085Ch
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 27.999 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 298 GiB total, 221.833 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&369939D9&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&369939D9&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 1/10/2012 12:38:16 AM - System Checkpoint
RP2: 1/10/2012 12:50:35 AM - Installed Broadcom NetXtreme Ethernet Controller
RP3: 1/10/2012 1:01:15 AM - Installed Adobe Reader X (10.1.0).
RP4: 1/10/2012 1:17:16 AM - Installed AVG 2012
RP5: 1/10/2012 1:17:44 AM - Installed AVG 2012
RP6: 1/10/2012 1:29:08 AM - Software Distribution Service 3.0
RP7: 1/11/2012 2:23:33 AM - Software Distribution Service 3.0
RP8: 1/11/2012 12:00:46 PM - Installed Driver Manager.
RP9: 1/12/2012 12:45:39 AM - Software Distribution Service 3.0
RP10: 1/13/2012 9:30:26 PM - System Checkpoint
RP11: 1/15/2012 3:00:16 AM - Software Distribution Service 3.0
RP12: 1/16/2012 12:38:23 AM - Software Distribution Service 3.0
RP13: 1/16/2012 12:28:24 PM - Software Distribution Service 3.0
RP14: 1/17/2012 1:42:29 PM - System Checkpoint
RP15: 1/18/2012 3:00:18 AM - Software Distribution Service 3.0
RP16: 1/19/2012 3:13:40 AM - System Checkpoint
RP17: 1/20/2012 12:40:44 PM - System Checkpoint
RP18: 1/21/2012 7:18:08 PM - System Checkpoint
RP19: 1/24/2012 6:39:02 PM - System Checkpoint
RP20: 1/26/2012 9:07:21 AM - System Checkpoint
RP21: 1/28/2012 8:27:28 AM - System Checkpoint
RP22: 1/30/2012 1:26:58 PM - Installed Google SketchUp 8
RP23: 1/30/2012 3:49:15 PM - Installed DirectX
RP24: 1/30/2012 4:07:13 PM - Removed Google SketchUp 8
RP25: 1/31/2012 2:00:47 AM - Software Distribution Service 3.0
RP26: 2/1/2012 6:50:53 PM - System Checkpoint
RP27: 2/3/2012 12:52:14 AM - Software Distribution Service 3.0
RP28: 2/4/2012 12:42:18 PM - System Checkpoint
RP29: 2/5/2012 3:44:03 PM - System Checkpoint
RP30: 2/7/2012 1:43:30 PM - System Checkpoint
RP31: 2/8/2012 12:11:11 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP32: 2/8/2012 1:37:16 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP33: 2/8/2012 2:50:52 AM - Installed Windows XP KB2562937.
RP34: 2/8/2012 2:59:05 AM - Installed Windows XP KB2632503.
RP35: 2/8/2012 4:52:05 AM - avast! Free Antivirus Setup
RP36: 2/8/2012 9:47:58 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AutoHotkey 1.1.05.06
AVG 2012
Big Fish Games: Game Manager
BitTorrent
BitTorrentBar Toolbar
Broadcom NetXtreme Ethernet Controller
CCleaner
Corel PaintShop Pro X4
Easy2Convert JPG to DDS 1.0
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICA
Intel(R) Extreme Graphics 2 Driver
IPM_PSP_COM
IrfanView (remove only)
Kingsoft PC Doctor 3.3.0.67
Logitech Webcam Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-US)
Norton PC Checkup
PE Explorer 1.99 R6
PSPPContent
PSPPHelp
Sandboxie 3.62 (32-bit)
SciTE4AutoHotkey v3.0.00 (Release Candidate)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows XP (KB2562937)
Setup
Skype™ 5.5
SoundMAX
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2632503)
VLC media player 1.1.11
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
2/8/2012 4:56:52 AM, error: Service Control Manager [7023] - The Process Monitor service terminated with the following error: The system cannot open the device or file specified.
2/8/2012 4:56:39 AM, error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: The parameter is incorrect.
2/8/2012 4:56:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
2/8/2012 4:56:25 AM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
2/8/2012 2:28:55 AM, error: Service Control Manager [7023] - The KSafe service service terminated with the following error: CoInitialize has not been called.
2/8/2012 1:49:41 AM, error: Service Control Manager [7000] - The kmodurl service failed to start due to the following error: A device attached to the system is not functioning.
2/2/2012 11:08:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:20 AM, on 2/8/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\sand\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\PCDoctor\KSafeSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
E:\PCDoctor\KSafeTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll
O1 - Hosts: 94.63.240.163 www.google.com
O1 - Hosts: 94.63.240.164 www.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (file missing)
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [KSafeTray] "E:\PCDoctor\KSafeTray.exe" -autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KSafe service (KSafeSvc) - Kingsoft Corporation - E:\PCDoctor\KSafeSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - E:\sand\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6880 bytes
Gary R (Moderator, joined 03 May 2005, 9979 posts, Yorkshire), posted Wed Feb 08, 2012 11:05 pm

Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R (Moderator, joined 03 May 2005, 9979 posts, Yorkshire), posted Wed Feb 08, 2012 11:14 pm

Quote:
Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi jaktunner

I'm Gary R,

Before we start: Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

Important: As I said earlier, removing malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.

  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....

    • Let me know.
    • Do not follow any further instructions until I tell you to.


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Both your DDS and HJT logs show you have a HOSTS file hijack, and a number of remnants from improperly removed old anti-virus programs. Whether these are the cause of all your problems is hard to say, so I'd like to run a couple of extra scans before we start to remove the signs of infection on your computer.

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Next

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows7, when prompted by UAC allow the prompt.

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Summary of the logs I need from you in your next post:

  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
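The two findings Gary R draws from the logs above, the HOSTS entries pointing www.google.com and www.bing.com at 94.63.240.163/164 and the "(file missing)" / "[x]" / "[?]" entries left behind by removed security products, can be pulled out of HijackThis- and DDS-style output mechanically. The following Python script is an added example written for this page; it is not code from the thread, nor from HijackThis, DDS or OTL. The sample log lines are copied from the posts above or constructed in the same shape, and the list of watched domains and the loopback/unspecified "benign" rule are assumptions made for illustration.

```python
"""Triage helper for HijackThis / DDS style log lines.

Added example, not part of the original thread or of any tool it mentions.
It flags two things: HOSTS entries that point well-known domains at a
non-loopback address, and autostart/service entries whose backing file is
missing.  WATCHED_DOMAINS and the "benign" rule are assumptions.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Domains a hosts-file hijack typically targets (assumption: extend as needed).
WATCHED_DOMAINS = {"www.google.com", "google.com", "www.bing.com", "bing.com",
                   "www.yahoo.com", "search.yahoo.com"}

# HJT "O1 - Hosts: <ip> <name>" and DDS "Hosts: <ip> <name>" both match this.
HOSTS_LINE = re.compile(r"^(?:O1 - )?Hosts:\s+(\S+)\s+(\S+)", re.I)
# HJT marks orphaned registry references with "(file missing)";
# DDS marks services/drivers it cannot locate with a trailing "[x]" or "[?]".
MISSING_MARK = re.compile(r"\(file missing\)|\[[x?]\]\s*$", re.I)


def hosts_is_benign(ip_text: str) -> bool:
    """Loopback (127.x, ::1) or unspecified (0.0.0.0) mappings are the usual
    ad-blocking / self-blocking pattern; anything else for a watched domain
    is the redirect pattern described in the first post."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False          # not an address at all: treat as suspicious
    return ip.is_loopback or ip.is_unspecified


def classify(line: str) -> Optional[Tuple[str, str]]:
    """Return (category, detail) for a suspicious line, else None."""
    m = HOSTS_LINE.match(line.strip())
    if m:
        ip_text, host = m.group(1), m.group(2).lower()
        if host in WATCHED_DOMAINS and not hosts_is_benign(ip_text):
            return ("hosts_hijack", f"{host} -> {ip_text}")
        return None           # hosts line, but not one we care about
    if MISSING_MARK.search(line):
        return ("missing_file", line.strip())
    return None


def triage(log_text: str) -> Dict[str, List[str]]:
    """Run classify() over every line and group the hits by category."""
    findings: Dict[str, List[str]] = {"hosts_hijack": [], "missing_file": []}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            findings[hit[0]].append(hit[1])
    return findings


# Constructed sample: lines copied from the posted HJT/DDS logs plus two
# benign hosts entries to show what is deliberately *not* flagged.
SAMPLE_LOG = """\
O1 - Hosts: 94.63.240.163 www.google.com
O1 - Hosts: 94.63.240.164 www.bing.com
O1 - Hosts: 127.0.0.1 www.google.com
Hosts: 0.0.0.0 ads.example.invalid
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\PROGRA~1\\AVASTS~1\\Avast\\aswWebRepIE.dll (file missing)
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
RUnknown aswSP;aswSP; [x]
S0 TfFsMon;TfFsMon;c:\\windows\\system32\\drivers\\tffsmon.sys --> c:\\windows\\system32\\drivers\\TfFsMon.sys [?]
O4 - HKLM\\..\\Run: [AVG_TRAY] "C:\\Program Files\\AVG\\AVG2012\\avgtray.exe"
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

A 127.0.0.1 or 0.0.0.0 mapping is what ad-blocking hosts files and some security products write, so it is not reported; any other address for a search-engine name is exactly the symptom the first post describes. A hit is a prompt to open the file itself (%SystemRoot%\system32\drivers\etc\hosts on XP) and the referenced registry keys, not a verdict on its own, and the "(file missing)" entries are the kind of leftover the moderator refers to rather than evidence of active malware.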
jaktunner (Junior Member, joined 08 Feb 2012, 10 posts), posted Thu Feb 09, 2012 8:29 am

OTL.txt:

OTL logfile created on: 2/9/2012 9:17:31 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Cas Mark\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 483.71 Mb Available Physical Memory | 47.63% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 27.98 Gb Free Space | 75.09% Space Free | Partition Type: NTFS
Drive E: | 298.02 Gb Total Space | 221.83 Gb Free Space | 74.43% Space Free | Partition Type: FAT32

Computer Name: DEPARTNM-7FAF2E | User Name: Cas Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 09:16:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cas Mark\My Documents\Downloads\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/19 22:35:36 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/28 02:39:56 | 001,303,968 | ---- | M] (Kingsoft Corporation) -- E:\PCDoctor\KSafeTray.exe
PRC - [2011/12/06 06:31:36 | 000,452,000 | ---- | M] (Kingsoft Corporation) -- E:\PCDoctor\KSafeSvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 06:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- E:\sand\SbieSvc.exe
PRC - [2011/11/07 12:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011/11/07 12:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/13 08:03:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2003/05/08 11:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2003/05/05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/19 22:35:35 | 000,411,120 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll
MOD - [2012/01/19 22:35:34 | 003,767,792 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
MOD - [2012/01/19 22:34:10 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avutil-51.dll
MOD - [2012/01/19 22:34:09 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avformat-53.dll
MOD - [2012/01/19 22:34:07 | 001,746,432 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
MOD - [2011/10/21 02:01:48 | 000,140,664 | ---- | M] () -- E:\PCDoctor\zlib1.dll
MOD - [2011/10/21 02:01:40 | 000,075,160 | ---- | M] () -- E:\PCDoctor\json.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/06 06:31:36 | 000,452,000 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- E:\PCDoctor\KSafeSvc.exe -- (KSafeSvc)
SRV - [2011/11/23 06:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- E:\sand\SbieSvc.exe -- (SbieSvc)
SRV - [2011/11/07 12:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/07 12:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 10:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/23 06:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- E:\sand\SbieDrv.sys -- (SbieDrv)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/13 08:13:35 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2011/07/13 08:13:35 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2011/07/13 08:13:35 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2003/11/21 15:20:10 | 000,113,152 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 9A 4A 7F C7 E5 CC 01 [binary data]
IE - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 23:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/14 23:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Extensions
[2012/01/19 19:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions
[2012/01/19 19:55:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/01/14 23:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 00:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/04 18:54:38 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.240.163 www.google.com
O1 - Hosts: 94.63.240.164 www.bing.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KSafeTray] E:\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6B72412-0347-4D0F-B574-CE3457DBB3F1}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/10 00:23:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/19 17:11:50 | 000,000,000 | ---D | M] - E:\Auto Hotkey -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/09 09:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/09 09:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/09 09:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/02/08 12:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Start Menu\Programs\HiJackThis
[2012/02/08 12:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/02/08 12:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/02/08 12:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\KSafe
[2012/02/08 12:24:01 | 000,000,000 | -HSD | C] -- C:\KRSHistory
[2012/02/08 12:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kingsoft PC Doctor
[2012/02/08 12:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\kingsoft
[2012/02/08 12:23:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cas Mark\Recent
[2012/02/08 12:23:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cas Mark\Start Menu\Programs\Administrative Tools
[2012/02/08 12:22:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/08 04:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/02/08 04:53:38 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/02/08 04:52:41 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/02/08 04:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/08 03:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\GetRightToGo
[2012/02/08 02:34:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iprip.dll
[2012/02/08 02:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Safe
[2012/02/08 02:32:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\KRSHistory
[2012/02/08 01:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\KSafe
[2012/02/08 01:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2012/02/05 22:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\AVG
[2012/02/05 08:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Identities
[2012/02/05 00:23:05 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/02/05 00:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2012/02/04 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\PE Explorer
[2012/02/03 00:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/02/01 16:23:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cas Mark\My Documents\My Videos
[2012/02/01 16:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Leadertech
[2012/02/01 16:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/02/01 16:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2012/02/01 16:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/02/01 16:19:12 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2012/02/01 16:18:52 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2012/02/01 16:18:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2012/02/01 16:18:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2012/02/01 16:18:48 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2012/02/01 16:18:46 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2012/02/01 16:18:42 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2012/02/01 16:18:38 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2012/02/01 16:18:33 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2012/02/01 16:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012/02/01 16:17:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2012/02/01 16:17:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2012/02/01 16:17:47 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2012/02/01 16:17:47 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2012/02/01 16:17:46 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2012/02/01 16:17:46 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2012/02/01 16:17:46 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2012/02/01 16:17:46 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2012/02/01 16:17:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2012/02/01 16:17:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2012/01/30 21:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Moviestorm
[2012/01/30 17:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Easy2Convert
[2012/01/30 17:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy2Convert Software
[2012/01/30 16:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\ThumbsPlus
[2012/01/30 16:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2012/01/30 16:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Corel
[2012/01/30 16:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/01/30 16:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Ulead Systems
[2012/01/30 16:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\My Documents\Corel PaintShop Pro
[2012/01/30 16:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Corel PaintShop Pro
[2012/01/30 16:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012/01/30 16:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2012/01/30 15:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel PaintShop Pro X4
[2012/01/30 15:50:18 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2012/01/30 15:50:16 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2012/01/30 15:50:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2012/01/30 15:50:15 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2012/01/30 15:50:14 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2012/01/30 15:50:13 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2012/01/30 15:50:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2012/01/30 15:50:12 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2012/01/30 15:50:11 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2012/01/30 15:50:11 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2012/01/30 15:50:10 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2012/01/30 15:50:10 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2012/01/30 15:50:09 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2012/01/30 15:50:08 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2012/01/30 15:50:06 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2012/01/30 15:50:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2012/01/30 15:50:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2012/01/30 15:50:01 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2012/01/30 15:50:00 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2012/01/30 15:49:59 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2012/01/30 15:49:58 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2012/01/30 15:49:57 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2012/01/30 15:49:57 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2012/01/30 15:49:56 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2012/01/30 15:49:55 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2012/01/30 15:49:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2012/01/30 15:49:54 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2012/01/30 15:49:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2012/01/30 15:49:53 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2012/01/30 15:49:35 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2012/01/30 15:49:34 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2012/01/30 15:49:34 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2012/01/30 15:49:33 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2012/01/30 15:49:32 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2012/01/30 15:49:31 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2012/01/30 15:49:31 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2012/01/30 15:49:30 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2012/01/30 15:49:29 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2012/01/30 15:49:27 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2012/01/30 14:41:39 | 000,182,784 | ---- | C] (Micrografx, Inc.) -- C:\WINDOWS\Mgxclean.exe
[2012/01/30 14:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\WINDOWS
[2012/01/30 14:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\WinRAR
[2012/01/30 14:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/01/30 14:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Start Menu\Programs\WinRAR
[2012/01/30 13:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/01/30 13:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/01/30 13:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Google
[2012/01/30 13:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IrfanView
[2012/01/30 12:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Nvu
[2012/01/27 17:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/01/19 21:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\vlc
[2012/01/19 19:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/01/19 19:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit
[2012/01/19 19:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\BitTorrentBar
[2012/01/19 19:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Temp
[2012/01/19 19:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
[2012/01/19 19:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\BitTorrent
[2012/01/19 17:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\My Documents\AutoHotkey
[2012/01/19 17:12:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2012/01/18 12:55:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/01/17 00:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/01/17 00:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/01/16 16:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Skype
[2012/01/16 16:55:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/16 16:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/16 16:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/01/16 09:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\PCHealth
[2012/01/15 03:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/01/15 03:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/01/15 03:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/01/15 03:06:47 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2012/01/15 03:06:47 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2012/01/15 03:06:47 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2012/01/15 03:06:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2012/01/15 03:06:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2012/01/15 03:06:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2012/01/15 03:06:45 | 000,000,000 | ---D | C] -- C:\f0267d1835c4e26863
[2012/01/14 23:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Mozilla
[2012/01/14 23:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Mozilla
[2012/01/14 23:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/14 15:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\My Documents\Eternal Lands
[2012/01/14 11:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/14 11:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Eternal Lands
[2012/01/13 18:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\SultansLabyrinth
[2012/01/13 17:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Application Data\Elephant Games
[2012/01/13 17:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2012/01/13 17:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/13 16:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/01/13 16:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/01/13 16:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2012/01/11 15:05:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2012/01/11 15:05:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200110.014
[2012/01/11 15:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2012/01/11 15:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton PC Checkup
[2012/01/11 15:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/01/11 15:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/11 15:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/01/11 12:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2012/01/11 11:57:03 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/01/11 11:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/01/11 11:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\My Documents\Downloads
[2012/01/10 20:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Start Menu\Programs\Google Chrome
[2012/01/10 20:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Google
[2012/01/10 20:21:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012/01/10 20:21:21 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012/01/10 20:21:14 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012/01/10 20:21:05 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/09 09:16:54 | 088,529,444 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/09 09:14:08 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Desktop\NTREGOPT.lnk
[2012/02/09 09:14:08 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Desktop\ERUNT.lnk
[2012/02/09 09:10:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/08 22:42:25 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-261478967-1606980848-1003UA.job
[2012/02/08 18:43:39 | 000,106,145 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/08 14:41:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-261478967-1606980848-1003Core.job
[2012/02/08 09:47:59 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Desktop\HiJackThis.lnk
[2012/02/08 09:45:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/08 02:59:34 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\KsafeDelay.job
[2012/02/08 02:32:06 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kingsoft PC Doctor.lnk
[2012/02/07 08:23:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/05 22:23:14 | 000,048,886 | ---- | M] () -- C:\Documents and Settings\Cas Mark\My Documents\cc_20120205_211213.reg
[2012/02/05 06:53:26 | 000,001,580 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/02/05 00:14:10 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Desktop\Sandboxed Web Browser.lnk
[2012/02/05 00:14:10 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/02/04 18:54:38 | 000,000,884 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/03 13:40:16 | 009,088,649 | ---- | M] () -- C:\Documents and Settings\Cas Mark\My Documents\Band Perry - If I Die Young.mp3
[2012/02/02 13:10:49 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/01 16:22:45 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2012/02/01 15:19:18 | 004,516,270 | ---- | M] () -- C:\Documents and Settings\Cas Mark\My Documents\DSC01093.JPG
[2012/02/01 15:14:41 | 000,310,563 | ---- | M] () -- C:\Documents and Settings\Cas Mark\My Documents\IMG_0768.JPG
[2012/02/01 09:18:47 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/30 15:58:19 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel PaintShop Pro X4.lnk
[2012/01/28 02:00:53 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/27 17:47:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/24 11:37:17 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/24 11:37:16 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Desktop\Google Chrome.lnk
[2012/01/19 21:03:55 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/19 19:21:05 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2012/01/19 18:13:28 | 000,000,449 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Desktop\Shortcut to el.lnk
[2012/01/19 17:14:19 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SciTE4AutoHotkey.lnk
[2012/01/16 01:00:25 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/16 01:00:25 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/15 09:42:12 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/14 23:45:27 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/14 23:45:27 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/13 16:41:57 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/01/12 10:42:46 | 000,436,335 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-103939.backup
[2012/01/11 15:06:05 | 000,001,953 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.LNK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/09 09:14:08 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Desktop\NTREGOPT.lnk
[2012/02/09 09:14:08 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Desktop\ERUNT.lnk
[2012/02/08 09:47:59 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Desktop\HiJackThis.lnk
[2012/02/08 02:55:37 | 000,000,194 | ---- | C] () -- C:\WINDOWS\tasks\KsafeDelay.job
[2012/02/08 02:32:06 | 000,000,380 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kingsoft PC Doctor.lnk
[2012/02/05 21:12:22 | 000,048,886 | ---- | C] () -- C:\Documents and Settings\Cas Mark\My Documents\cc_20120205_211213.reg
[2012/02/05 00:14:29 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Desktop\Sandboxed Web Browser.lnk
[2012/02/05 00:14:29 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/02/05 00:14:26 | 000,001,580 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/02/03 13:39:50 | 009,088,649 | ---- | C] () -- C:\Documents and Settings\Cas Mark\My Documents\Band Perry - If I Die Young.mp3
[2012/02/01 16:22:45 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2012/02/01 15:18:40 | 004,516,270 | ---- | C] () -- C:\Documents and Settings\Cas Mark\My Documents\DSC01093.JPG
[2012/02/01 15:14:32 | 000,310,563 | ---- | C] () -- C:\Documents and Settings\Cas Mark\My Documents\IMG_0768.JPG
[2012/01/30 15:58:19 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel PaintShop Pro X4.lnk
[2012/01/30 14:43:21 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Start Menu\Programs\Micrografx Simply 3D 2.lnk
[2012/01/19 21:03:55 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/19 18:13:26 | 000,000,449 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Desktop\Shortcut to el.lnk
[2012/01/19 17:14:19 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SciTE4AutoHotkey.lnk
[2012/01/18 17:33:15 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/16 16:55:33 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/14 23:45:27 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/14 23:45:27 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/14 23:45:27 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/13 16:41:56 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/01/13 16:40:28 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/01/13 16:40:25 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2012/01/11 15:06:04 | 000,001,953 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.LNK
[2012/01/11 15:05:33 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200110.014\isolate.ini
[2012/01/10 20:32:00 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Desktop\Google Chrome.lnk
[2012/01/10 20:32:00 | 000,002,287 | ---- | C] () -- C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/10 20:30:54 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-261478967-1606980848-1003UA.job
[2012/01/10 20:30:53 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-261478967-1606980848-1003Core.job
[2012/01/10 00:48:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2012/01/10 00:26:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 00:20:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/09 17:11:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/09 17:09:25 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 08:05:09 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/02/08 04:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/08 14:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/13 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/01/10 01:20:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/11 12:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2012/01/13 17:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2012/02/08 12:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2012/02/08 12:24:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\KRSHistory
[2012/02/09 09:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/02/08 23:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Safe
[2012/02/08 03:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/05 22:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\AVG
[2012/01/10 01:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\AVG2012
[2012/02/05 20:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\BitTorrent
[2012/01/30 17:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\Easy2Convert
[2012/01/13 17:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\Elephant Games
[2012/02/08 12:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\GetRightToGo
[2012/02/08 12:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\kingsoft
[2012/02/08 12:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\KSafe
[2012/02/01 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\Leadertech
[2012/01/30 12:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\Nvu
[2012/02/04 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\PE Explorer
[2012/01/13 18:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\SultansLabyrinth
[2012/01/30 16:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\ThumbsPlus
[2012/01/30 16:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cas Mark\Application Data\Ulead Systems
[2012/02/08 02:59:34 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\KsafeDelay.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8

< End of report >
jaktunner
PostPosted: Thu Feb 09, 2012 8:31 am

Extras.txt:


OTL Extras logfile created on: 2/9/2012 9:17:31 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Cas Mark\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 483.71 Mb Available Physical Memory | 47.63% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 27.98 Gb Free Space | 75.09% Space Free | Partition Type: NTFS
Drive E: | 298.02 Gb Total Space | 221.83 Gb Free Space | 74.43% Space Free | Partition Type: FAT32

Computer Name: DEPARTNM-7FAF2E | User Name: Cas Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1715567821-261478967-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel PaintShop Pro X4] -- "E:\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"E:\BitTorrent\BitTorrent.exe" = E:\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2BE890AA-F48D-4E94-82D6-648A84E1D072}_is1" = Easy2Convert JPG to DDS 1.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoHotkey" = AutoHotkey 1.1.05.06
"AVG" = AVG 2012
"BFGC" = Big Fish Games: Game Manager
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"IrfanView" = IrfanView (remove only)
"Kingsoft PC Doctor" = Kingsoft PC Doctor 3.3.0.67
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NortonPCCheckup" = Norton PC Checkup
"PE Explorer_is1" = PE Explorer 1.99 R6
"Sandboxie" = Sandboxie 3.62 (32-bit)
"SciTE4AutoHotkey" = SciTE4AutoHotkey v3.0.00 (Release Candidate)
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.10 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-261478967-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2012 12:52:38 AM | Computer Name = DEPARTNM-7FAF2E | Source = ESENT | ID = 490
Description = svchost (1268) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 1/31/2012 12:52:40 AM | Computer Name = DEPARTNM-7FAF2E | Source = ESENT | ID = 490
Description = svchost (1268) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 1/31/2012 12:52:41 AM | Computer Name = DEPARTNM-7FAF2E | Source = ESENT | ID = 490
Description = svchost (1268) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 1/31/2012 12:52:43 AM | Computer Name = DEPARTNM-7FAF2E | Source = ESENT | ID = 490
Description = svchost (1268) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 1/31/2012 12:52:44 AM | Computer Name = DEPARTNM-7FAF2E | Source = ESENT | ID = 490
Description = svchost (1268) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 1/31/2012 12:52:47 AM | Computer Name = DEPARTNM-7FAF2E | Source = ESENT | ID = 490
Description = svchost (1268) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 1/31/2012 1:03:26 AM | Computer Name = DEPARTNM-7FAF2E | Source = Application Hang | ID = 1002
Description = Hanging application Cal3DViewer.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/1/2012 2:15:27 AM | Computer Name = DEPARTNM-7FAF2E | Source = Application Hang | ID = 1002
Description = Hanging application el.exe, version 1.9.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2012 2:59:05 AM | Computer Name = DEPARTNM-7FAF2E | Source = Application Hang | ID = 1002
Description = Hanging application keygen.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2012 6:55:51 AM | Computer Name = DEPARTNM-7FAF2E | Source = pctsSvc.exe | ID = 0
Description =

[ System Events ]
Error - 2/8/2012 2:51:21 PM | Computer Name = DEPARTNM-7FAF2E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/8/2012 2:51:21 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 2/8/2012 2:51:21 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2/8/2012 2:51:21 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2/8/2012 2:51:21 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD aswSnx Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
TfFsMon
TfSysMon

Error - 2/8/2012 2:51:28 PM | Computer Name = DEPARTNM-7FAF2E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/8/2012 2:59:39 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 2/8/2012 3:26:26 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 2/8/2012 5:06:26 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 2/9/2012 12:11:01 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >
jaktunner
PostPosted: Thu Feb 09, 2012 8:33 am

TDSS log:

09:25:48.0171 3120 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
09:25:48.0593 3120 ============================================================
09:25:48.0593 3120 Current date / time: 2012/02/09 09:25:48.0593
09:25:48.0593 3120 SystemInfo:
09:25:48.0593 3120
09:25:48.0593 3120 OS Version: 5.1.2600 ServicePack: 3.0
09:25:48.0593 3120 Product type: Workstation
09:25:48.0593 3120 ComputerName: DEPARTNM-7FAF2E
09:25:48.0593 3120 UserName: Cas Mark
09:25:48.0593 3120 Windows directory: C:\WINDOWS
09:25:48.0593 3120 System windows directory: C:\WINDOWS
09:25:48.0609 3120 Processor architecture: Intel x86
09:25:48.0609 3120 Number of processors: 1
09:25:48.0609 3120 Page size: 0x1000
09:25:48.0609 3120 Boot type: Normal boot
09:25:48.0609 3120 ============================================================
09:25:50.0406 3120 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
09:25:50.0421 3120 Drive \Device\Harddisk1\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:25:50.0453 3120 \Device\Harddisk0\DR0:
09:25:50.0453 3120 MBR used
09:25:50.0453 3120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
09:25:50.0453 3120 \Device\Harddisk1\DR2:
09:25:50.0453 3120 MBR used
09:25:50.0453 3120 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682
09:25:50.0484 3120 Initialize success
09:25:50.0484 3120 ============================================================
09:26:16.0609 0468 ============================================================
09:26:16.0609 0468 Scan started
09:26:16.0609 0468 Mode: Manual;
09:26:16.0609 0468 ============================================================
09:26:17.0125 0468 Abiosdsk - ok
09:26:17.0140 0468 abp480n5 - ok
09:26:17.0187 0468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:26:17.0187 0468 ACPI - ok
09:26:17.0296 0468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:26:17.0296 0468 ACPIEC - ok
09:26:17.0312 0468 adpu160m - ok
09:26:17.0359 0468 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
09:26:17.0359 0468 aeaudio - ok
09:26:17.0468 0468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:26:17.0484 0468 aec - ok
09:26:17.0593 0468 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
09:26:17.0593 0468 AFD - ok
09:26:17.0671 0468 Aha154x - ok
09:26:17.0687 0468 aic78u2 - ok
09:26:17.0703 0468 aic78xx - ok
09:26:17.0734 0468 AliIde - ok
09:26:17.0750 0468 amsint - ok
09:26:17.0765 0468 asc - ok
09:26:17.0781 0468 asc3350p - ok
09:26:17.0796 0468 asc3550 - ok
09:26:17.0921 0468 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
09:26:17.0968 0468 aswSnx - ok
09:26:18.0109 0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:26:18.0109 0468 AsyncMac - ok
09:26:18.0140 0468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:26:18.0140 0468 atapi - ok
09:26:18.0203 0468 Atdisk - ok
09:26:18.0250 0468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:26:18.0250 0468 Atmarpc - ok
09:26:18.0359 0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:26:18.0359 0468 audstub - ok
09:26:18.0406 0468 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
09:26:18.0421 0468 AVGIDSDriver - ok
09:26:18.0531 0468 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
09:26:18.0531 0468 AVGIDSEH - ok
09:26:18.0640 0468 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
09:26:18.0640 0468 AVGIDSFilter - ok
09:26:18.0734 0468 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
09:26:18.0734 0468 AVGIDSShim - ok
09:26:18.0828 0468 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:26:18.0843 0468 Avgldx86 - ok
09:26:18.0953 0468 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:26:18.0953 0468 Avgmfx86 - ok
09:26:18.0968 0468 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:26:18.0968 0468 Avgrkx86 - ok
09:26:19.0015 0468 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:26:19.0015 0468 Avgtdix - ok
09:26:19.0140 0468 b57w2k (4d50b7a5ae8e67e68b7c9571769d5dde) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:26:19.0140 0468 b57w2k - ok
09:26:19.0250 0468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:26:19.0250 0468 Beep - ok
09:26:19.0296 0468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:26:19.0296 0468 cbidf2k - ok
09:26:19.0343 0468 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:26:19.0343 0468 CCDECODE - ok
09:26:19.0359 0468 cd20xrnt - ok
09:26:19.0406 0468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:26:19.0406 0468 Cdaudio - ok
09:26:19.0437 0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:26:19.0453 0468 Cdfs - ok
09:26:19.0562 0468 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:26:19.0562 0468 Cdrom - ok
09:26:19.0640 0468 Changer - ok
09:26:19.0671 0468 CmdIde - ok
09:26:19.0703 0468 Cpqarray - ok
09:26:19.0718 0468 dac2w2k - ok
09:26:19.0734 0468 dac960nt - ok
09:26:19.0781 0468 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
09:26:19.0781 0468 Disk - ok
09:26:19.0937 0468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:26:19.0984 0468 dmboot - ok
09:26:20.0125 0468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:26:20.0125 0468 dmio - ok
09:26:20.0234 0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:26:20.0234 0468 dmload - ok
09:26:20.0296 0468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:26:20.0296 0468 DMusic - ok
09:26:20.0312 0468 dpti2o - ok
09:26:20.0328 0468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:26:20.0328 0468 drmkaud - ok
09:26:20.0406 0468 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
09:26:20.0406 0468 exFat - ok
09:26:20.0531 0468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:26:20.0531 0468 Fastfat - ok
09:26:20.0609 0468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:26:20.0609 0468 Fdc - ok
09:26:20.0640 0468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:26:20.0640 0468 Fips - ok
09:26:20.0671 0468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:26:20.0671 0468 Flpydisk - ok
09:26:20.0718 0468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:26:20.0718 0468 FltMgr - ok
09:26:20.0828 0468 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:26:20.0828 0468 Fs_Rec - ok
09:26:20.0859 0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:26:20.0859 0468 Ftdisk - ok
09:26:21.0000 0468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:26:21.0000 0468 Gpc - ok
09:26:21.0140 0468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:26:21.0140 0468 HidUsb - ok
09:26:21.0218 0468 hpn - ok
09:26:21.0281 0468 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys
09:26:21.0281 0468 HTTP - ok
09:26:21.0359 0468 i2omgmt - ok
09:26:21.0375 0468 i2omp - ok
09:26:21.0421 0468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:26:21.0421 0468 i8042prt - ok
09:26:21.0609 0468 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:26:21.0656 0468 ialm - ok
09:26:21.0781 0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:26:21.0781 0468 Imapi - ok
09:26:21.0796 0468 ini910u - ok
09:26:21.0828 0468 IntelIde - ok
09:26:21.0843 0468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:26:21.0843 0468 intelppm - ok
09:26:21.0984 0468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:26:21.0984 0468 Ip6Fw - ok
09:26:22.0093 0468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:26:22.0093 0468 IpFilterDriver - ok
09:26:22.0218 0468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:26:22.0218 0468 IpInIp - ok
09:26:22.0328 0468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:26:22.0328 0468 IpNat - ok
09:26:22.0453 0468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:26:22.0468 0468 IPSec - ok
09:26:22.0562 0468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:26:22.0562 0468 IRENUM - ok
09:26:22.0625 0468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:26:22.0625 0468 isapnp - ok
09:26:22.0656 0468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:26:22.0656 0468 Kbdclass - ok
09:26:22.0703 0468 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:26:22.0703 0468 kbdhid - ok
09:26:22.0734 0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:26:22.0750 0468 kmixer - ok
09:26:22.0859 0468 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
09:26:22.0875 0468 KSecDD - ok
09:26:22.0968 0468 lbrtfdc - ok
09:26:23.0031 0468 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
09:26:23.0046 0468 LVPr2Mon - ok
09:26:23.0156 0468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:26:23.0156 0468 mnmdd - ok
09:26:23.0203 0468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:26:23.0203 0468 Modem - ok
09:26:23.0250 0468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:26:23.0250 0468 Mouclass - ok
09:26:23.0296 0468 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
09:26:23.0296 0468 MountMgr - ok
09:26:23.0359 0468 mraid35x - ok
09:26:23.0375 0468 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:26:23.0375 0468 MRxDAV - ok
09:26:23.0453 0468 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:26:23.0484 0468 MRxSmb - ok
09:26:23.0625 0468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:26:23.0625 0468 Msfs - ok
09:26:23.0750 0468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:26:23.0765 0468 MSKSSRV - ok
09:26:23.0796 0468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:26:23.0796 0468 MSPCLOCK - ok
09:26:23.0843 0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:26:23.0843 0468 MSPQM - ok
09:26:23.0984 0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:26:23.0984 0468 mssmbios - ok
09:26:24.0078 0468 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:26:24.0078 0468 MSTEE - ok
09:26:24.0125 0468 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys
09:26:24.0125 0468 Mup - ok
09:26:24.0218 0468 mv61xxmm (75b85f6a5cdccb602ec98e0d37ccc072) C:\WINDOWS\system32\drivers\mv61xxmm.sys
09:26:24.0218 0468 mv61xxmm - ok
09:26:24.0234 0468 mv64xxmm (6090786daa545a3ec7d34a46a8cd1661) C:\WINDOWS\system32\drivers\mv64xxmm.sys
09:26:24.0234 0468 mv64xxmm - ok
09:26:24.0250 0468 mvxxmm (76e142ad8eca91493467d5a17ef53b53) C:\WINDOWS\system32\drivers\mvxxmm.sys
09:26:24.0250 0468 mvxxmm - ok
09:26:24.0296 0468 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:26:24.0312 0468 NABTSFEC - ok
09:26:24.0437 0468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:26:24.0437 0468 NDIS - ok
09:26:24.0546 0468 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:26:24.0546 0468 NdisIP - ok
09:26:24.0593 0468 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:26:24.0593 0468 NdisTapi - ok
09:26:24.0640 0468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:26:24.0656 0468 Ndisuio - ok
09:26:24.0671 0468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:26:24.0671 0468 NdisWan - ok
09:26:24.0781 0468 NDProxy (816460bd4b4acd27937d1d0813e2e9e9) C:\WINDOWS\system32\drivers\NDProxy.sys
09:26:24.0781 0468 NDProxy - ok
09:26:24.0859 0468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:26:24.0875 0468 NetBIOS - ok
09:26:24.0984 0468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:26:25.0000 0468 NetBT - ok
09:26:25.0156 0468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:26:25.0156 0468 Npfs - ok
09:26:25.0203 0468 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
09:26:25.0234 0468 Ntfs - ok
09:26:25.0375 0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:26:25.0390 0468 Null - ok
09:26:25.0421 0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:26:25.0421 0468 NwlnkFlt - ok
09:26:25.0453 0468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:26:25.0453 0468 NwlnkFwd - ok
09:26:25.0578 0468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:26:25.0578 0468 Parport - ok
09:26:25.0687 0468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:26:25.0687 0468 PartMgr - ok
09:26:25.0718 0468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:26:25.0734 0468 ParVdm - ok
09:26:25.0781 0468 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:26:25.0781 0468 PCI - ok
09:26:25.0859 0468 PCIDump - ok
09:26:25.0921 0468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:26:25.0921 0468 PCIIde - ok
09:26:26.0031 0468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:26:26.0031 0468 Pcmcia - ok
09:26:26.0125 0468 PDCOMP - ok
09:26:26.0140 0468 PDFRAME - ok
09:26:26.0156 0468 PDRELI - ok
09:26:26.0171 0468 PDRFRAME - ok
09:26:26.0187 0468 perc2 - ok
09:26:26.0203 0468 perc2hib - ok
09:26:26.0296 0468 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
09:26:26.0328 0468 PID_0928 - ok
09:26:26.0453 0468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:26:26.0453 0468 PptpMiniport - ok
09:26:26.0484 0468 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
09:26:26.0484 0468 PSched - ok
09:26:26.0515 0468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:26:26.0515 0468 Ptilink - ok
09:26:26.0531 0468 ql1080 - ok
09:26:26.0546 0468 Ql10wnt - ok
09:26:26.0562 0468 ql12160 - ok
09:26:26.0578 0468 ql1240 - ok
09:26:26.0593 0468 ql1280 - ok
09:26:26.0625 0468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:26:26.0640 0468 RasAcd - ok
09:26:26.0687 0468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:26:26.0687 0468 Rasl2tp - ok
09:26:26.0703 0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:26:26.0703 0468 RasPppoe - ok
09:26:26.0750 0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:26:26.0750 0468 Raspti - ok
09:26:26.0812 0468 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:26:26.0812 0468 Rdbss - ok
09:26:26.0968 0468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:26:26.0968 0468 RDPCDD - ok
09:26:27.0078 0468 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:26:27.0093 0468 rdpdr - ok
09:26:27.0203 0468 RDPWD (3348e61a78ba4f79c795aad6565d3b6f) C:\WINDOWS\system32\drivers\RDPWD.sys
09:26:27.0203 0468 RDPWD - ok
09:26:27.0328 0468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:26:27.0328 0468 redbook - ok
09:26:27.0453 0468 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
09:26:27.0468 0468 rspndr - ok
09:26:27.0781 0468 SbieDrv (3ab6cad1ddfa84cd7bc3d1a759b1e81e) E:\sand\SbieDrv.sys
09:26:27.0781 0468 SbieDrv - ok
09:26:27.0937 0468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:26:27.0937 0468 Secdrv - ok
09:26:27.0968 0468 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:26:27.0968 0468 serenum - ok
09:26:27.0984 0468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:26:27.0984 0468 Serial - ok
09:26:28.0031 0468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:26:28.0031 0468 Sfloppy - ok
09:26:28.0046 0468 Simbad - ok
09:26:28.0093 0468 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:26:28.0093 0468 SLIP - ok
09:26:28.0187 0468 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
09:26:28.0203 0468 smwdm - ok
09:26:28.0296 0468 Sparrow - ok
09:26:28.0343 0468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:26:28.0343 0468 splitter - ok
09:26:28.0453 0468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:26:28.0468 0468 sr - ok
09:26:28.0609 0468 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
09:26:28.0625 0468 Srv - ok
09:26:28.0765 0468 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:26:28.0765 0468 streamip - ok
09:26:28.0890 0468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:26:28.0906 0468 swenum - ok
09:26:29.0015 0468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:26:29.0015 0468 swmidi - ok
09:26:29.0093 0468 symc810 - ok
09:26:29.0109 0468 symc8xx - ok
09:26:29.0125 0468 sym_hi - ok
09:26:29.0140 0468 sym_u3 - ok
09:26:29.0171 0468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:26:29.0171 0468 sysaudio - ok
09:26:29.0250 0468 Tcpip (51e41f16acd80b8b39c0ae703a213f09) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:26:29.0265 0468 Tcpip - ok
09:26:29.0406 0468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:26:29.0406 0468 TDPIPE - ok
09:26:29.0421 0468 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
09:26:29.0421 0468 TDTCP - ok
09:26:29.0468 0468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:26:29.0468 0468 TermDD - ok
09:26:29.0500 0468 TfFsMon - ok
09:26:29.0515 0468 TfNetMon - ok
09:26:29.0531 0468 TfSysMon - ok
09:26:29.0562 0468 TosIde - ok
09:26:29.0609 0468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:26:29.0609 0468 Udfs - ok
09:26:29.0703 0468 ultra - ok
09:26:29.0796 0468 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
09:26:29.0796 0468 UnlockerDriver5 - ok
09:26:29.0968 0468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:26:29.0984 0468 Update - ok
09:26:30.0093 0468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:26:30.0109 0468 usbccgp - ok
09:26:30.0156 0468 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:26:30.0171 0468 usbehci - ok
09:26:30.0265 0468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:26:30.0281 0468 usbhub - ok
09:26:30.0390 0468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:26:30.0390 0468 USBSTOR - ok
09:26:30.0468 0468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:26:30.0468 0468 usbuhci - ok
09:26:30.0515 0468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:26:30.0515 0468 VgaSave - ok
09:26:30.0531 0468 ViaIde - ok
09:26:30.0562 0468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:26:30.0562 0468 VolSnap - ok
09:26:30.0609 0468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:26:30.0625 0468 Wanarp - ok
09:26:30.0640 0468 WDICA - ok
09:26:30.0687 0468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:26:30.0687 0468 wdmaud - ok
09:26:30.0843 0468 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:26:30.0843 0468 WS2IFSL - ok
09:26:31.0000 0468 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:26:31.0000 0468 WSTCODEC - ok
09:26:31.0046 0468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:26:31.0203 0468 \Device\Harddisk0\DR0 - ok
09:26:31.0234 0468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
09:26:31.0234 0468 \Device\Harddisk1\DR2 - ok
09:26:31.0234 0468 Boot (0x1200) (26fc283f0935781a5ecf97d7360cf066) \Device\Harddisk0\DR0\Partition0
09:26:31.0250 0468 \Device\Harddisk0\DR0\Partition0 - ok
09:26:31.0250 0468 Boot (0x1200) (2530c42f57350e0a513b8e338b904f39) \Device\Harddisk1\DR2\Partition0
09:26:31.0250 0468 \Device\Harddisk1\DR2\Partition0 - ok
09:26:31.0250 0468 ============================================================
09:26:31.0250 0468 Scan finished
09:26:31.0250 0468 ============================================================
09:26:31.0265 0344 Detected object count: 0
09:26:31.0265 0344 Actual detected object count: 0
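The TDSSKiller listing above pairs each driver service with the MD5 and path of its file, and the Service Control Manager 7026 events posted earlier name boot-start drivers that failed to load. The script below is an added example for this thread, not a TDSSKiller or OTL feature: it parses both formats and reports (a) drivers whose file lives outside the Windows directory, which a log reviewer checks first, and (b) drivers that SCM could not load and that have no backing file in the scan, which is what a service entry left behind by an uninstalled product looks like (TfFsMon and TfSysMon in this log). The sample lines are copied from the posted logs; the WINDOWS_DIR constant and the function names are this example's own choices.

```python
"""Cross-check a TDSSKiller driver listing against SCM 7026 "failed to load" events.

Added example for this thread; not a TDSSKiller or OTL feature. The sample
lines are copied from the logs posted above; WINDOWS_DIR and the function
names are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Windows directory as reported in the SystemInfo block of the posted log.
WINDOWS_DIR = r"C:\WINDOWS"

# "HH:MM:SS.mmmm PID Name (md5) path": a service entry with a backing file.
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# "HH:MM:SS.mmmm PID Name - verdict": the verdict line. Entries with a
# service key but no driver on disk produce only this line.
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>\S.*?)\s*$"
)


@dataclass
class Driver:
    name: str
    md5: Optional[str] = None   # None when no file backs the service entry
    path: Optional[str] = None
    verdict: str = ""


def parse_tdsskiller(text: str) -> Dict[str, Driver]:
    """Map driver name -> Driver from TDSSKiller scan output."""
    drivers: Dict[str, Driver] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            drivers[m["name"]] = Driver(m["name"], m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = drivers.setdefault(m["name"], Driver(m["name"]))
            entry.verdict = m["verdict"]
    return drivers


def parse_failed_boot_drivers(text: str) -> Set[str]:
    """Driver names from SCM event 7026 descriptions. The names follow the
    'failed to load:' line, one or more per line, as the event dump prints them."""
    names: Set[str] = set()
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if "failed to load:" not in line:
            continue
        j = i + 1
        while j < len(lines) and lines[j].strip() and not lines[j].startswith("Error"):
            names.update(lines[j].split())
            j += 1
    return names


def drivers_outside_windows(drivers: Dict[str, Driver]) -> List[str]:
    """Drivers whose file is outside the Windows directory (stock XP drivers never are)."""
    prefix = WINDOWS_DIR.upper()
    return sorted(d.name for d in drivers.values()
                  if d.path and not d.path.upper().startswith(prefix))


def orphaned_boot_drivers(drivers: Dict[str, Driver], failed: Set[str]) -> List[str]:
    """Drivers SCM could not load that also have no file in the scan: the
    signature of a service entry left behind by an uninstall."""
    return sorted(n for n in failed if n in drivers and drivers[n].path is None)


# Constructed excerpt: lines copied from the TDSSKiller output posted above.
SAMPLE_LOG = r"""
09:26:17.0187 0468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:26:17.0187 0468 ACPI - ok
09:26:27.0781 0468 SbieDrv (3ab6cad1ddfa84cd7bc3d1a759b1e81e) E:\sand\SbieDrv.sys
09:26:27.0781 0468 SbieDrv - ok
09:26:29.0500 0468 TfFsMon - ok
09:26:29.0531 0468 TfSysMon - ok
09:26:29.0796 0468 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
09:26:29.0796 0468 UnlockerDriver5 - ok
"""

# Constructed excerpt: one of the 7026 events from the error list posted above.
SAMPLE_EVENTS = """\
Error - 2/9/2012 12:11:01 PM | Computer Name = DEPARTNM-7FAF2E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon
"""

if __name__ == "__main__":
    drv = parse_tdsskiller(SAMPLE_LOG)
    failed = parse_failed_boot_drivers(SAMPLE_EVENTS)
    print("drivers outside the Windows directory:", drivers_outside_windows(drv))
    print("orphaned boot-start drivers:", orphaned_boot_drivers(drv, failed))
```

Run against the full log, the first report lists the third-party drivers a reviewer should account for by name (here Sandboxie and Unlocker, both user-installed tools) before suspecting anything else; the second is what turns two noisy 7026 events into a concrete cleanup item, the stale service entries of a product that is no longer on disk.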
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Sep 2014
Posts: 9979
Location: Yorkshire

PostPosted: Thu Feb 09, 2012 9:20 am    Post subject:

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Quote:
BitTorrent
BitTorrentBar Toolbar
Kingsoft PC Doctor 3.3.0.67


Use of P2P programs is the quickest way to an infected machine that I know. In return for our help this forum insists on their removal.

Computer "tune up" programs are a complete and utter waste of time, they do NOTHING to improve the performance of your computer, and in many cases do actual harm. The registry is a remarkably resilient entity, and will happily run with thousands of orphan entries without any effect on its performance. However, remove just one wrong key or value, and you could make a very useful paperweight of your computer.

The risk versus benefit equation is that for no discernible benefit, you risk an unusable machine ..... do I need to say more?

Once those programs have been uninstalled reboot your computer.

Next


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
SRV - [2011/12/06 06:31:36 | 000,452,000 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- E:\PCDoctor\KSafeSvc.exe -- (KSafeSvc)
SRV - [2011/11/23 06:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- E:\sand\SbieSvc.exe -- (SbieSvc)
IE - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF
[2012/01/19 19:55:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1715567821-261478967-1606980848-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KSafeTray] E:\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\BitTorrent\BitTorrent.exe"=-

:Files
E:\PCDoctor\KSafeTray.exe
E:\PCDoctor\KSafeSvc.exe
E:\PCDoctor\zlib1.dll
E:\PCDoctor\json.dll
E:\BitTorrent
C:\Documents and Settings\All Users\Application Data\PC Tools
C:\Documents and Settings\Cas Mark\Application Data\KSafe
C:\Documents and Settings\All Users\Start Menu\Programs\Kingsoft PC Doctor
C:\Documents and Settings\Cas Mark\Application Data\kingsoft
C:\WINDOWS\System32\drivers\aswSnx.sys
C:\WINDOWS\avastSS.scr
C:\Documents and Settings\All Users\Application Data\AVAST Software
C:\Documents and Settings\All Users\Application Data\KRSHistory
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\KSafe
C:\Documents and Settings\All Users\Application Data\Kingsoft
C:\Program Files\Conduit
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\BitTorrentBar
C:\Program Files\BitTorrentBar
C:\Documents and Settings\Cas Mark\Application Data\BitTorrent
C:\Documents and Settings\All Users\Desktop\Kingsoft PC Doctor.lnk
C:\Documents and Settings\All Users\Application Data\AVAST Software
C:\Documents and Settings\Cas Mark\Application Data\KSafe
C:\WINDOWS\Tasks\KsafeDelay.job

:Commands
[EmptyTemp]
[ResetHosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Summary of the logs I need from you in your next post:

  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
jaktunner
Junior Member


Joined: 08 Feb 2012
Last Visit: 10 Feb 2012
Posts: 10

PostPosted: Thu Feb 09, 2012 11:42 am    Post subject:

OTL FIX LOG:


All processes killed
========== OTL ==========
Error: No service named KSafeSvc was found to stop!
Service\Driver key KSafeSvc not found.
File E:\PCDoctor\KSafeSvc.exe not found.
Service SbieSvc stopped successfully!
Service SbieSvc deleted successfully!
E:\sand\SbieSvc.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-261478967-1606980848-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files\BitTorrentBar\prxtbBitT.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF not found.
C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Documents and Settings\Cas Mark\Application Data\Mozilla\Firefox\Profiles\8cc3sx5j.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files\BitTorrentBar\prxtbBitT.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files\BitTorrentBar\prxtbBitT.dll not found.
Registry value HKEY_USERS\S-1-5-21-1715567821-261478967-1606980848-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
File C:\Program Files\BitTorrentBar\prxtbBitT.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KSafeTray not found.
File E:\PCDoctor\KSafeTray.exe not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\BitTorrent\BitTorrent.exe not found.
========== FILES ==========
File\Folder E:\PCDoctor\KSafeTray.exe not found.
File\Folder E:\PCDoctor\KSafeSvc.exe not found.
File\Folder E:\PCDoctor\zlib1.dll not found.
File\Folder E:\PCDoctor\json.dll not found.
File\Folder E:\BitTorrent not found.
C:\Documents and Settings\All Users\Application Data\PC Tools\ThreatFire folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PC Tools folder moved successfully.
File\Folder C:\Documents and Settings\Cas Mark\Application Data\KSafe not found.
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Kingsoft PC Doctor not found.
C:\Documents and Settings\Cas Mark\Application Data\kingsoft\kclear\temp folder moved successfully.
C:\Documents and Settings\Cas Mark\Application Data\kingsoft\kclear folder moved successfully.
C:\Documents and Settings\Cas Mark\Application Data\kingsoft folder moved successfully.
C:\WINDOWS\System32\drivers\aswSnx.sys moved successfully.
C:\WINDOWS\avastSS.scr moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\sounds\1033 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\sounds folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\moved folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\journal folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\integ folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\HtmlData folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\fw folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\chest folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\KRSHistory\kws\data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\KRSHistory\kws folder moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\KRSHistory\KSafeSvc\xml scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\KRSHistory\KSafeSvc\data scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\KRSHistory\KSafeSvc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\KRSHistory folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\KSafe\KClear\Logs folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\KSafe\KClear folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\KSafe folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\SysFile folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\KWSH\KScanLog folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\KWSH folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\kws\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\kws folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\kwfsdata\fsign folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\kwfsdata folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\ksbw\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\ksbw\fsign folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\ksbw folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\ksafe\kich folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\ksafe folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\kws\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS\kws folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\KIS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft\kclear folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kingsoft folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Toolbar\Facebook folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Toolbar folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Cas Mark\Local Settings\Application Data\Conduit folder moved successfully.
File\Folder C:\Documents and Settings\Cas Mark\Local Settings\Application Data\BitTorrentBar not found.
File\Folder C:\Program Files\BitTorrentBar not found.
File\Folder C:\Documents and Settings\Cas Mark\Application Data\BitTorrent not found.
File\Folder C:\Documents and Settings\All Users\Desktop\Kingsoft PC Doctor.lnk not found.
File\Folder C:\Documents and Settings\All Users\Application Data\AVAST Software not found.
File\Folder C:\Documents and Settings\Cas Mark\Application Data\KSafe not found.
C:\WINDOWS\Tasks\KsafeDelay.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cas Mark
->Temp folder emptied: 7148517 bytes
->Temporary Internet Files folder emptied: 1387250 bytes
->FireFox cache emptied: 28338120 bytes
->Google Chrome cache emptied: 10551208 bytes
->Flash cache emptied: 1317 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109184 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 133041842 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 172.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02092012_115525

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Application Data\KRSHistory\KSafeSvc\xml not found!
File\Folder C:\Documents and Settings\All Users\Application Data\KRSHistory\KSafeSvc\data not found!

Registry entries deleted on Reboot...
jaktunner
Junior Member


Joined: 08 Feb 2012
Last Visit: 10 Feb 2012
Posts: 10

Posted: Thu Feb 09, 2012 11:43 am

E-set log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb29379cc655754cbd8dffa4db0edeb2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-09 07:40:35
# local_time=2012-02-09 12:40:35 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=58764
# found=7
# cleaned=0
# scan_time=1954
C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cas Mark\Start Menu\QuickStores.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\02092012_115525\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{17E58318-70F6-49C2-860F-3568570BB02B}\RP37\A0011361.exe a variant of Win32/HackTool.CheatEngine.AB application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{17E58318-70F6-49C2-860F-3568570BB02B}\RP37\A0011362.exe a variant of Win32/HackTool.CheatEngine.AB application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{17E58318-70F6-49C2-860F-3568570BB02B}\RP37\A0011366.EXE a variant of Win32/Keygen.AU application (unable to clean) 00000000000000000000000000000000 I
E:\Jak'dUP\Test Files\autoit\ShitItsEW.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Thu Feb 09, 2012 3:52 pm

Looking better, still some work to do.


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:Files
C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
C:\Documents and Settings\Cas Mark\Start Menu\QuickStores.lnk
E:\Jak'dUP\Test Files\autoit\ShitItsEW.exe

:Commands
[ClearAllRestorePoints]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

How is your computer behaving now?
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
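The fix log that the steps above produce (the same line shapes as the OTL output quoted earlier in this thread) can be triaged automatically rather than read by eye. The following Python script is an added example, not part of the thread or of OTL itself: it classifies each result line, counts what was removed, what was deferred to reboot and what was already absent, and cross-checks the deferred items against the post-reboot log. The sample logs are constructed from line shapes in this thread's own logs.

```python
"""Triage an OTL fix log: what was removed, what waits for reboot, what was already gone."""
import re
from collections import Counter

# Line shapes seen in OTL fix logs, most specific first: (regex, status, kind).
# Lines matching none of them (section banners, byte counts) carry no result.
_PATTERNS = [
    (r"^Folder move failed\. (?P<t>.+?) scheduled to be moved on reboot\.$", "deferred", "folder"),
    (r"^Registry (?:key|value) (?P<t>.+?) deleted successfully\.$", "ok", "registry"),
    (r"^Registry (?:key|value) (?P<t>.+?) not found\.$", "missing", "registry"),
    (r"^ADS (?P<t>.+?) deleted successfully\.$", "ok", "ads"),
    (r"^File\\Folder (?P<t>.+?) not found[.!]$", "missing", "file"),
    (r"^File (?P<t>.+?) not found\.$", "missing", "file"),
    (r"^HOSTS file reset successfully$", "ok", "hosts"),
    (r"^(?P<t>.+?) folder moved successfully\.$", "ok", "folder"),
    (r"^(?P<t>.+?) (?:moved|deleted) successfully\.$", "ok", "file"),
]
_COMPILED = [(re.compile(p), s, k) for p, s, k in _PATTERNS]


def parse_line(line):
    """Return (status, kind, target) for a result line, or None if the line carries no result."""
    for rx, status, kind in _COMPILED:
        m = rx.match(line.strip())
        if m:
            return status, kind, m.groupdict().get("t", "hosts")
    return None


def summarize(log_text):
    """Counts per status, the targets deferred to reboot, and whether the HOSTS file was reset."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "counts": dict(Counter(status for status, _, _ in events)),
        "deferred": [target for status, _, target in events if status == "deferred"],
        "hosts_reset": any(kind == "hosts" for _, kind, _ in events),
    }


def unresolved_after_reboot(deferred, reboot_log_text):
    """Deferred targets that the post-reboot log neither moved nor reported as already gone."""
    seen = {e[2] for e in map(parse_line, reboot_log_text.splitlines()) if e}
    return [t for t in deferred if t not in seen]


# Sample input, constructed from line shapes in the thread's own logs.
SAMPLE_FIX_LOG = r"""
========== FILES ==========
File\Folder E:\PCDoctor\KSafeTray.exe not found.
C:\Documents and Settings\All Users\Application Data\PC Tools folder moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\KRSHistory\KSafeSvc\xml scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\KRSHistory\KSafeSvc\data scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
C:\WINDOWS\Tasks\KsafeDelay.job moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""
SAMPLE_REBOOT_LOG = r"""
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Application Data\KRSHistory\KSafeSvc\xml not found!
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_FIX_LOG)
    print(report["counts"], "HOSTS reset:", report["hosts_reset"])
    print("unaccounted for after reboot:", unresolved_after_reboot(report["deferred"], SAMPLE_REBOOT_LOG))
```

Any target the post-reboot log leaves unaccounted for is the one to check by hand before declaring the clean-up finished.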
jaktunner
Junior Member


Joined: 08 Feb 2012
Last Visit: 10 Feb 2012
Posts: 10

Posted: Thu Feb 09, 2012 4:24 pm

========== FILES ==========
C:\Documents and Settings\Cas Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk moved successfully.
C:\Documents and Settings\Cas Mark\Start Menu\QuickStores.lnk moved successfully.
E:\Jak'dUP\Test Files\autoit\ShitItsEW.exe moved successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 02092012_172025


Everything seems to be running nicely. I need to do a little more Google searching to see if it is still bugging with my link clicking, but I will post again in a little bit and tell you how it went.

As an added note (I haven't used it in 2 years, so it's not a huge deal): E:\Jak'dUP\Test Files\autoit\ShitItsEW.exe is actually just an auto-clicking program that I wrote myself, so I don't know why it showed up as infected, lol.
jaktunner
Junior Member


Joined: 08 Feb 2012
Last Visit: 10 Feb 2012
Posts: 10

Posted: Thu Feb 09, 2012 4:27 pm

EXCELLENT!!! I just went through about 30 links or so in Google (links I normally visit and that are clean) and got not a single redirect to allertsearch.net. Thank you very much! Greatly appreciated!
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Thu Feb 09, 2012 5:10 pm

If you want .... E:\Jak'dUP\Test Files\autoit\ShitItsEW.exe .... recovering please let me know and we can restore it from quarantine.

When OTL removes a file it does not immediately delete it, the file is only deleted when OTL is removed.
jaktunner
Junior Member


Joined: 08 Feb 2012
Last Visit: 10 Feb 2012
Posts: 10

Posted: Thu Feb 09, 2012 5:23 pm

It's OK, I haven't used it in a few years and I made it in less than an hour, so if I need it back I can just re-write it. Ty though.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Thu Feb 09, 2012 9:59 pm

OK, in that case we're pretty much finished. Just a little bit of housekeeping to do, then I'll make a few suggestions about security.

First

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller.

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes.
  • When finished, exit out of OTL.
  • Now delete OTL.exe (if still present).


As far as I can see, your computer looks clear of infection now.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


If your computer is running slowly after your clean up, please read.

jaktunner
Junior Member


Joined: 08 Feb 2012
Last Visit: 10 Feb 2012
Posts: 10

Posted: Fri Feb 10, 2012 12:08 am

Everything is running great. I already do temp internet files every day if I get on, and I defrag every 20 days or so.

However, I would like to ask: if I were to install a firewall like Online Armor, do I need to disable Windows Firewall or do anything beforehand at all to prevent any type of disturbance?
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Fri Feb 10, 2012 12:48 am

Glad to hear your computer is running OK now.

If you install a 3rd party firewall, then the installation of that firewall will usually disable Windows Firewall, so there's no need to do it manually.

If you've never used a 3rd party firewall before, it's a bit more involved than using Windows Firewall, and there's a bit to learn in how to configure it; usually the default settings are sufficient for most people.

To be honest, if you're connected to the internet using a router then most routers come with a hardware firewall installed and the combination of that and Windows Firewall IMO gives adequate protection.
jaktunner
Junior Member


Joined: 08 Feb 2012
Last Visit: 10 Feb 2012
Posts: 10

Posted: Fri Feb 10, 2012 9:47 am

Alright. Thank you for all of your help, it's greatly appreciated.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Fri Feb 10, 2012 4:14 pm

You're welcome, glad we could resolve your problem.

Keep safe.

Gary

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R
