Can't remove Trojan.Agent Systim32 EXE Folders like Apps


Down_under
« on: May 18, 2010, 04:08:32 PM »

Hi guys!


I hope you can help me here! I am Sebastian! I have 3 shop computers, 2 tills
& an office! All 3 have Malwarebytes licenses! But I can't remove the Trojan.Agent!

I am running Windows XP SP3 and I can't see my folders. All folders seem to be EXE files!

I need the programs in the network for bookkeeping and stuff, but can't find them. If I want to change the folder options or search for a file, the windows close immediately.


Hope somebody can help me! Here is a logfile from Malwarebytes, HijackThis and OTL

Malwarebytes logfile


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4099

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/05/2010 8:50:51 PM
mbam-log-2010-05-18 (20-50-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 198881
Time elapsed: 1 hour(s), 11 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SYSTIM32.EXE (Trojan.Agent) -> No action taken
OTL Log:


OTL logfile created on: 18/05/2010 6:28:19 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.97 Gb Free Space | 72.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REDGUMSERVER
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\CNAB3RPK.EXE (CANON INC.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "https://secure.centrelink.gov.au/TX/login?FirstTime=true&Locale=en_US"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 13:30:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:30:26 | 000,000,000 | ---D | M]

[2009/11/07 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions
[2009/11/07 15:35:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/20 10:49:24 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2010/01/16 14:53:36 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12872 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.8.183.1 192.189.54.17
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/08 06:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found
O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found
O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found
O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found
O33 - MountPoints2\{a1e86cc9-d3ce-11de-811b-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found
O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found
O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fad719c9-c73a-11de-80f9-00110960935b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell - "" = AutoRun
O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/18 17:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2010/05/18 17:55:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/05/18 17:55:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/05/18 17:55:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/05/18 17:55:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/05/18 17:34:47 | 000,188,673 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\User\Desktop\avirarkd.exe
[2010/05/18 17:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/13 09:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\MP3 Player Load
[2010/04/25 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\GlarySoft
[2010/04/25 14:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/04/25 14:16:11 | 008,088,472 | ---- | C] (Glarysoft Ltd ) -- C:\gusetup.exe
[2010/04/25 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2010/04/25 10:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/04/25 10:19:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/04/25 09:34:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\SYSTIM32
[2010/04/25 09:31:12 | 000,000,000 | -HSD | C] -- C:\SYSTIM32
[2010/04/21 11:13:42 | 001,242,112 | ---- | C] (Chestysoft) -- C:\WINDOWS\System32\csXImage.ocx
[2010/04/21 11:13:42 | 000,402,848 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\btn32a20.ocx
[2010/04/21 11:13:42 | 000,266,240 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZTiff.dll
[2010/04/21 11:13:42 | 000,225,280 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Btn32d20.dll
[2010/04/21 11:13:42 | 000,204,800 | ---- | C] (SaifSoft) -- C:\WINDOWS\System32\ColorBox.ocx
[2010/04/21 11:13:42 | 000,180,224 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\Eztwain3.dll
[2010/04/21 11:13:42 | 000,151,552 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPng.dll
[2010/04/21 11:13:42 | 000,118,784 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZGif.dll
[2010/04/21 11:13:42 | 000,106,496 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZJpeg.dll
[2010/04/21 11:13:42 | 000,049,152 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPdf.dll
[2010/04/21 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVDCoverPrint
[2010/04/21 11:13:41 | 000,238,080 | ---- | C] (Pegasus Software LLC) -- C:\WINDOWS\System32\fximg50g.ocx
[2010/04/21 11:13:41 | 000,178,688 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\fxlbl50g.ocx
[2010/04/21 11:13:40 | 000,307,200 | ---- | C] (Polar sales@polarsoftware.com www.polarsoftware.com) -- C:\WINDOWS\System32\PolarZIPLight.dll
[2010/04/21 11:13:40 | 000,122,880 | ---- | C] (ImageFX) -- C:\WINDOWS\System32\fxtls532.dll
[2010/04/21 11:13:40 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2004/11/25 04:55:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/18 18:26:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 18:25:20 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/18 18:25:11 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/05/18 18:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 18:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 18:15:41 | 000,000,807 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2010/05/18 18:15:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2010/05/18 18:14:30 | 000,000,331 | -HS- | M] () -- C:\regs.sys
[2010/05/18 18:03:51 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010/05/18 18:03:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/05/18 17:55:34 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/05/18 17:46:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/18 17:44:31 | 000,000,743 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/18 17:15:07 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/05/18 16:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/05/18 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/05/18 04:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/05/17 22:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/05/16 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/12 09:52:29 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/12 09:27:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TEMP.001
[2010/05/10 16:28:24 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Centrepay Report.xls
[2010/05/07 13:20:52 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc
[2010/05/07 06:29:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/07 06:29:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/07 06:09:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/07 06:09:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/07 06:04:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/07 06:03:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/07 06:03:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/07 06:03:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/07 06:03:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 14:07:52 | 000,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/26 14:07:52 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/26 14:07:52 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/25 14:17:08 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk
[2010/04/25 14:16:12 | 008,088,472 | ---- | M] (Glarysoft Ltd ) -- C:\gusetup.exe
[2010/04/25 10:53:17 | 004,718,592 | ---- | M] () -- C:\WINDOWS\TEMP.000
[2010/04/21 11:15:04 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk
[979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 18:14:30 | 006,883,584 | ---- | C] () -- C:\WINDOWS\System32\SYSTIM32.EXE
[2010/05/18 17:55:34 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/05/18 17:19:00 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.004
[2010/05/18 17:14:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.003
[2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\LASTGOOD.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WINSXS.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WBEM.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.002
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SXSCAP~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SUN.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SRCHASST.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SOFTWA~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SHELLNEW.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SERVIC~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SECURITY.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\RESOUR~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REPAIR.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~2.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PSS.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROVIS~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROFILES.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PREFETCH.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PEERNET.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PCHEALTH.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\NETWOR~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MUI.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAPPS.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAGENT.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MINIDUMP.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MICROS~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MEDIA.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\L2SCHE~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\JAVA.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IME.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE8UPD~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE7UPD~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\HELP.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\EHOME.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DRIVER~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DOWNLO~2.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DEBUG.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CURSORS.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CRYSTAL.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONNEC~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONFIG.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CACHE.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\BDOSCAN8.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\APPPATCH.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\ADDINS.EXE
[2010/05/10 10:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEMP.001
[2010/05/07 13:20:51 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc
[2010/04/25 14:17:15 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/25 14:17:08 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk
[2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\WINDOWS.EXE
[2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\DESKTOP.EXE
[2010/04/25 09:31:10 | 004,718,592 | ---- | C] () -- C:\WINDOWS\TEMP.000
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\SPOOLE~1.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\RETAILM.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBODBC.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBOD~1.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOB18.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\DOCUME~1.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\ATI.EXE
[2010/04/24 09:17:59 | 000,000,331 | -HS- | C] () -- C:\regs.sys
[2010/04/21 11:15:04 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk
[2010/04/21 11:13:41 | 000,059,014 | ---- | C] () -- C:\WINDOWS\System32\picn1820.ssm
[2010/04/21 11:13:41 | 000,047,163 | ---- | C] () -- C:\WINDOWS\System32\picn1320.ssm
[2010/04/21 11:13:41 | 000,016,064 | ---- | C] () -- C:\WINDOWS\System32\picn8220.ssm
[2010/04/21 11:13:39 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010/03/08 09:32:20 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/03/08 09:32:18 | 001,317,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/11/07 12:19:55 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/06 08:39:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2009/05/01 16:03:48 | 000,009,961 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/20 00:45:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/18 03:11:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/18 02:52:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/18 02:52:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/18 02:47:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/18 02:29:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 20:57:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/30 12:15:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/10/02 15:11:22 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/10 11:09:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLeNL.DLL
[2007/03/13 16:29:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/23 15:00:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll
[2004/10/17 09:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2004/10/17 09:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2004/10/17 09:16:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2004/10/10 14:16:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\MYOBPOpt.INI
[2004/10/10 13:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/10 13:08:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2004/10/10 12:52:25 | 000,000,807 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2004/10/10 12:52:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2004/10/10 12:52:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2004/10/10 12:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2004/10/10 12:49:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2004/10/10 12:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI
[2004/10/08 06:53:12 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/04 03:20:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/31 07:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/11/14 10:53:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996/02/22 10:53:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/15 10:53:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 10:53:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 10:53:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini
< End of report >



HIJACKTHIS


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:39 PM, on 18/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Kalender\Kalender.exe
C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\My Documents\Downloads\windows-kb890830-v3.7.exe
c:\70ff4e5438fec949a2\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?F...mp;Locale=en_US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 8572 bytes




Hope somebody can help, I need the computer, otherwise my tills are not working. Horror on a busy day.

Cheers

Seb