Please help remove Malware from my PC

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 7th, 2010, 7:11 pm

Hi deltalima,

Below are the results from Virustotal for C:\Windows\System32\a3d.dll file

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
a3d.dll
Submission date:
2010-11-07 22:59:54 (UTC)
Current status:
queued queued (#5) analysing finished
Result:
0/ 43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.11.07.00 2010.11.07 -
AntiVir 7.10.13.164 2010.11.07 -
Antiy-AVL 2.0.3.7 2010.11.07 -
Authentium 5.2.0.5 2010.11.07 -
Avast 4.8.1351.0 2010.11.07 -
Avast5 5.0.594.0 2010.11.07 -
AVG 9.0.0.851 2010.11.07 -
BitDefender 7.2 2010.11.07 -
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.06 -
Comodo 6644 2010.11.07 -
DrWeb 5.0.2.03300 2010.11.07 -
Emsisoft 5.0.0.50 2010.11.07 -
eSafe 7.0.17.0 2010.11.07 -
eTrust-Vet 36.1.7958 2010.11.05 -
F-Prot 4.6.2.117 2010.11.07 -
F-Secure 9.0.16160.0 2010.11.07 -
Fortinet 4.2.249.0 2010.11.07 -
GData 21 2010.11.07 -
Ikarus T3.1.1.90.0 2010.11.07 -
Jiangmin 13.0.900 2010.11.07 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.07 -
McAfee 5.400.0.1158 2010.11.07 -
McAfee-GW-Edition 2010.1C 2010.11.07 -
Microsoft 1.6301 2010.11.07 -
NOD32 5599 2010.11.07 -
Norman 6.06.10 2010.11.07 -
nProtect 2010-11-07.01 2010.11.07 -
Panda 10.0.2.7 2010.11.07 -
PCTools 7.0.3.5 2010.11.07 -
Prevx 3.0 2010.11.08 -
Rising 22.72.04.00 2010.11.06 -
Sophos 4.59.0 2010.11.07 -
Sunbelt 7245 2010.11.07 -
SUPERAntiSpyware 4.40.0.1006 2010.11.07 -
Symantec 20101.2.0.161 2010.11.07 -
TheHacker 6.7.0.1.079 2010.11.07 -
TrendMicro 9.120.0.1004 2010.11.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.07 -
VBA32 3.12.14.1 2010.11.05 -
ViRobot 2010.10.4.4074 2010.11.07 -
VirusBuster 12.72.1.1 2010.11.07 -
Additional information
MD5 : a3aff8fdaefa55ce017e38678d6dfbd4
SHA1 : f92976e240bf49f42b160dd180bdf048055a4991
SHA256: c5303e24842148e79dd28279d0526f218028ebd61a36e4c76e86d5aa24f3e6b1
ssdeep: 768:bb5dC4lgf132u1SrcPkWUXfq/8vADu7m8JAZiZXZADIl+x/22LMRL08O4xQH:v5I46Gu1Grfq/c9KAAkZXi0lhRL0Ta
File size : 60928 bytes
First seen: 2010-11-07 22:55:31
Last seen : 2010-11-07 22:59:54
TrID:
DirectShow filter (77.7%)
Win32 Executable MS Visual C++ (generic) (14.5%)
Win32 Executable Generic (3.2%)
Win32 Dynamic Link Library (generic) (2.9%)
Generic Win/DOS Executable (0.7%)
sigcheck:
publisher....:
copyright....:
product......: a3dx5
description..: a3dx5
original name: a3d.dll
internal name: a3dx5
file version.: 80.0.0.3
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x37BD
timedatestamp....: 0x478C3D9F (Tue Jan 15 04:59:11 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xC258, 0xC400, 6.65, 918d94de3b0f78cec8c460b5f008d5cc
.data, 0xE000, 0x1C20, 0x1200, 3.45, 56c16363b5d094c6fdc6a2e7e71b8046
.rsrc, 0x10000, 0x2E8, 0x400, 2.43, 735ff3db5d9c972a1edfdea94a774b9a
.reloc, 0x11000, 0xE72, 0x1000, 4.52, 8f20a2cbc94785976bdcb867409afd9e

[[ 5 import(s) ]]
KERNEL32.dll: GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCommandLineA, GetVersionExA, GetProcAddress, GetModuleHandleA, ExitProcess, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapFree, HeapAlloc, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, LeaveCriticalSection, GetTickCount, EnterCriticalSection, OutputDebugStringA, LoadLibraryA, InitializeCriticalSection, GetModuleHandleW, GetCPInfo, GetACP, GetOEMCP, Sleep, VirtualAlloc, HeapReAlloc, RtlUnwind, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualProtect, GetSystemInfo, VirtualQuery, QueryPerformanceCounter, InterlockedDecrement, InterlockedIncrement, lstrcpyA, lstrcatA, lstrlenA, GetLastError
USER32.dll: wsprintfA
ADVAPI32.dll: RegCreateKeyExA, RegSetValueExA, RegCloseKey, GetUserNameA, RegDeleteKeyA
ole32.dll: StringFromGUID2, CoCreateInstance
DSOUND.dll: -

[[ 5 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, _A3dCreate@12
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 50176
CompanyName:
EntryPoint: 0x37bd
FileDescription: a3dx5
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 60 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 80.0.0.3
FileVersionNumber: 80.0.0.3
ImageVersion: 6.0
InitializedDataSize: 12800
InternalName: a3dx5
LanguageCode: English (U.S.)
LegalCopyright:
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OLESelfRegister:
OSVersion: 6.0
ObjectFileType: Dynamic link library
OriginalFilename: a3d.dll
PEType: PE32
ProductName: a3dx5
ProductVersion: 80.0.0.3
ProductVersionNumber: 80.0.0.3
Subsystem: Windows command line
SubsystemVersion: 6.0
TimeStamp: 2008:01:15 05:59:11+01:00
UninitializedDataSize: 0

-----------------------------------------------------------------------------------------------------------
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 7th, 2010, 7:23 pm

Hi deltalima,

Here are some parts from the log file generated by Spyware Doctor.

11/6/2010 10:08:33 AM:655
Infection cleaned
Threat Name - Downloader.Generic
Type - File
Risk Level - Medium
Infection - C:\PROGRAMDATA\SYMANTEC\SRTSP\QUARANTINE\APQ3A31.TMP
11/6/2010 10:08:33 AM:655
Infection cleaned
Threat Name - Downloader.Generic
Type - File
Risk Level - Medium
Infection - C:\PROGRAMDATA\SYMANTEC\SRTSP\QUARANTINE\APQ3946.TMP
11/6/2010 10:08:33 AM:656
Infection cleaned
Threat Name - Downloader.Generic
Type - File
Risk Level - Medium
Infection - C:\PROGRAMDATA\SYMANTEC\SRTSP\QUARANTINE\APQ393C.TMP
11/6/2010 10:08:33 AM:657
Infection cleaned
Threat Name - Downloader.Generic
Type - File
Risk Level - Medium
Infection - C:\PROGRAMDATA\SYMANTEC\SRTSP\QUARANTINE\APQ38C8.TMP
11/6/2010 10:08:33 AM:658
Infection cleaned
Threat Name - Downloader.Generic
Type - File
Risk Level - Medium
Infection - C:\PROGRAMDATA\SYMANTEC\SRTSP\QUARANTINE\APQ38B2.TMP
11/6/2010 10:08:33 AM:658
Infection cleaned
Threat Name - Downloader.Generic
Type - File
Risk Level - Medium
Infection - C:\PROGRAMDATA\SYMANTEC\SRTSP\QUARANTINE\APQ389F.TMP
-------------------------------------------------------------------------------------------

Here are some parts from the log file generated by Symantec AntiVirus.

Date and Time Risk Action Filename Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description
11/7/2010 14:50 Downloader Pending Analysis 4cd72cee.tmp File C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ ILYA-PC SYSTEM Infected C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ Clean security risk Quarantine Auto-Protect scan
11/7/2010 14:50 Downloader Pending Analysis 4cd72ca7.tmp File C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ ILYA-PC SYSTEM Infected C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ Clean security risk Quarantine Auto-Protect scan
11/7/2010 14:50 Downloader Pending Analysis 4cd72ced.tmp File C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ ILYA-PC SYSTEM Infected C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ Clean security risk Quarantine Auto-Protect scan
11/7/2010 14:50 Downloader Pending Analysis 4cd72cd4.tmp File C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ ILYA-PC SYSTEM Infected C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ Clean security risk Quarantine Auto-Protect scan
---------------------------------------------------------------------------------------------------------

Thanks for your help.
Strelok31
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 7th, 2010, 7:30 pm

Hi deltalima,

Malwarebytes' Anti-Malware is still installed on this computer. I installed this software yesterday hoping it might be able to remove this malware from my PC. I am sorry, I won't install any more programs unless you tell me to do so.

Here are the contents from the mbam-log-2010-11-06 (10-33-46).log file

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5062

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11/6/2010 10:33:46 AM
mbam-log-2010-11-06 (10-33-46).txt

Scan type: Quick scan
Objects scanned: 158885
Time elapsed: 22 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks for your help.
Strelok31
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby deltalima » November 8th, 2010, 6:26 am

Hi strelok31,

So far there are no obvious signs of infection in the logs. Both Symantec and Spyware Doctor are detecting update files for Symantec as downloader which is a heuristic detection.

This may be a false positive caused by an interaction between the two products.

The version of Symantec Antivirus you are running is very old and no longer supported, and this could be the cause.

Please upgrade to a supported version of Symantec or remove it and install one of the free antivirus programs below.

Anti-virus software is a program that detects, cleans, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Once the new program is installed please run a full scan and post the logs in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 8th, 2010, 1:36 pm

Hi deltalima,

So you are saying that my PC is possibly clean, right? Why do both Symantec and Spyware Doctor alert me that infections were blocked and removed? Can you please explain to me what a downloader and heuristic detection are? So both programs think that update files for Symantec are infections? How can Symantec think that updates to its own software are infected files? It does not sound to me like it is a good Anti-virus program. How do you know that these files are updates to Symantec? These files are clean, right?

Thanks for your help.
Strelok31
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 8th, 2010, 1:41 pm

Hi deltalima,

By the way, all my Symantec Anti-Virus definitions are up to date. So you are saying that even if the definitions are up to date, but the version of the software is old, it is better to upgrade to a new version, right? I always believed that as long as the anti-virus definitions are up to date, the old version is still good.

Thanks,
strelok31
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby deltalima » November 8th, 2010, 1:59 pm

Hi strelok31,

So you are saying that my PC is possibly clean, right?


Possibly, I would like you to install a modern antivirus program to check.

Why do both Symantec and Spyware Doctor alert me that infections were blocked and removed? Can you please explain to me what is a downloader and heuristic detection?


Heuristic detection is done by looking for virus like behaviour rather than identifying the signs of a particular virus. A downloader is a program that downloads, like an antivirus tool downloading updated definitions.

So both programs think that update files for Symantec are infections?


Both programs think that the way data is downloaded is suspicious.

How can Symantec think that updates to its own software are infected files?


The current heuristic rules are not designed to be used with the very old version of the software that you have and so give unpredictable results.

It does not sound to me like it is a good Anti-virus program.


It was a good program at the time but like all antivirus programs there have been many significant changes over the years to the latest version.

How do you know that these files are updates to Symantec?


From my reading of the Symantec logs that you provided, the infected files were detected in the Symantec transfer folder. The only way to prove this is by upgrading to a modern antivirus program.

These files are clean, right?


The free antivirus tools that I recommended are clean, yes.

By the way all my Symantec Anti-Virus definitions are up to date. So you are saying that even if definitions are up to date, but the version of the software is old it is better to upgrade to new version, right?


Absolutely, the version you are running has not been supported or used with current definitions for many years.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
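The triage deltalima describes above (a heuristic "Downloader" hit whose only evidence is a file sitting in Symantec's own quarantine or transfer folder) can be made mechanical. The script below is an added example, not code from the forum or from any of the products named: it parses the Spyware Doctor and Symantec log excerpts quoted earlier in the thread, labels each detection by where on disk it was found, and lists the hits that the product-interaction explanation does not cover. The sample log text is copied from the posts plus one constructed entry, and the folder list in OTHER_PRODUCT_AREAS is an assumption.

```python
"""Triage antivirus detections by where on disk they were found.

Added example, not code from MalwareRemoval.com or any product in the thread.
It parses the Spyware Doctor and Symantec log excerpts quoted above and flags
hits inside another security product's quarantine or update-transfer folder.
Sample log text is copied from the thread plus one constructed entry; the
folder list in OTHER_PRODUCT_AREAS is an assumption.
"""
import re
from collections import Counter

# Sample input: one Spyware Doctor record from the thread plus one constructed
# record (a hit in a user temp folder) that product interaction does not explain.
SPYWARE_DOCTOR_LOG = r"""
11/6/2010 10:08:33 AM:655
Infection cleaned
Threat Name - Downloader.Generic
Type - File
Risk Level - Medium
Infection - C:\PROGRAMDATA\SYMANTEC\SRTSP\QUARANTINE\APQ3A31.TMP
11/6/2010 10:12:01 AM:100
Infection cleaned
Threat Name - Trojan.Example
Type - File
Risk Level - High
Infection - C:\Users\example\AppData\Local\Temp\dropper_sample.exe
"""

# Sample input: the header and one row of the Symantec risk history from the thread.
SYMANTEC_LOG = r"""
Date and Time Risk Action Filename Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description
11/7/2010 14:50 Downloader Pending Analysis 4cd72cee.tmp File C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ ILYA-PC SYSTEM Infected C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\ Clean security risk Quarantine Auto-Protect scan
"""

RECORD_START = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}")  # both formats
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?) - (?P<value>.+)$")   # "Key - Value"
# Windows directory: drive, then components that may hold single spaces but never
# a colon, so the match cannot run on into a second "C:\..." path on the same row.
WIN_DIR = re.compile(r"[A-Za-z]:\\(?:[^\\\s:]+(?: [^\\\s:]+)*\\)+")

# Assumption: another product's own quarantine / update-transfer folders. A
# heuristic "Downloader" hit here is usually that product's own data, not live malware.
OTHER_PRODUCT_AREAS = (
    "\\symantec\\srtsp\\quarantine\\",
    "\\symantec antivirus corporate edition\\7.5\\xfer\\",
)

def parse_spyware_doctor(text):
    """Turn the block-style Spyware Doctor log into a list of dicts."""
    records, current = [], None
    for line in text.splitlines():
        if RECORD_START.match(line):
            current = {"time": line.strip()}
            records.append(current)
        elif current is not None and line.strip():
            m = FIELD.match(line)
            if m:
                current[m.group("key").lower()] = m.group("value").strip()
            else:
                current["action"] = line.strip()  # e.g. "Infection cleaned"
    return records

def parse_symantec_rows(text):
    """Parse flattened Symantec rows (date, time, risk, action, filename, 'File',
    original location, ...) into the same dict shape as parse_spyware_doctor."""
    records = []
    for line in text.splitlines():
        if not RECORD_START.match(line):
            continue  # header or blank line
        date, clock, risk, rest = line.split(maxsplit=3)
        before_type, _, after = rest.partition(" File ")
        action, filename = before_type.rsplit(maxsplit=1)
        folder = WIN_DIR.search(after)  # original location column
        if folder is not None:
            records.append({"time": f"{date} {clock}", "threat name": risk,
                            "action": action, "infection": folder.group(0) + filename})
    return records

def classify_path(path):
    """Label a detection location for triage."""
    p = path.lower()
    if any(area in p for area in OTHER_PRODUCT_AREAS):
        return "other-av-working-area"
    return "temp" if "\\temp\\" in p else "other"

def triage(records):
    """Count detections by (threat name, location class)."""
    return Counter((r["threat name"], classify_path(r["infection"])) for r in records)

def needs_attention(records):
    """Detections the product-interaction explanation does not cover."""
    return [r for r in records if classify_path(r["infection"]) != "other-av-working-area"]

if __name__ == "__main__":
    hits = parse_spyware_doctor(SPYWARE_DOCTOR_LOG) + parse_symantec_rows(SYMANTEC_LOG)
    for (name, where), n in sorted(triage(hits).items()):
        print(f"{n:3d}  {name:20s}  {where}")
    for r in needs_attention(hits):
        print("follow up:", r["threat name"], r["infection"])
```

Run as-is it prints a per-location count and then the single constructed temp-folder hit as the one worth following up; the Downloader entries in the Symantec quarantine and xfer folders are grouped separately so they can be confirmed or dismissed together once the old product is replaced, as deltalima recommends.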

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 8th, 2010, 2:13 pm

Hi deltalima,

Thank you for your explanation. Which anti-virus program do you recommend besides the free ones that you recommended earlier? Which one is the best one? I don't mind paying for it as long as I know that it will do its job well. I want to read reviews of different anti-virus software to see which one has the highest rating.

Thanks,
strelok31
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby deltalima » November 8th, 2010, 2:19 pm

Hi strelok31,

Which one is the best one? I don't mind paying for it as long as I know that it will do its job well. I want to read reviews of different anti-virus software to see which one has the highest rating.


All the modern ones do quite a good job; there is no one best product. One may detect more but be slower or have fewer extras.

Any of the free ones I mentioned will do the job, then once the computer is clean you can read reviews and replace it with the one that you choose.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 9th, 2010, 2:47 am

Hi deltalima,

Thank you for your help and explanation. I have uninstalled Symantec and installed Avast 5. I ran the full scan and it found 101 infected files. I deleted all these infected files successfully using Avast. The infection it found is called Win32:Enistery [susp] in the C:\windows\temp directory. One such file is called TMP10DF.tmp. I have rebooted my PC and I am scanning again with Avast and Spyware Doctor to see if they will find anything else. I will let you know.

Thanks,
strelok31
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 9th, 2010, 2:50 am

Hi deltalima,

I was not able to copy and paste the log file from the last scan. I enabled the option to create a log file for this current scan and will post it once the Avast! scanning is done.

Thanks,
Ilya
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby deltalima » November 9th, 2010, 4:24 am

OK, please post log when ready.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 9th, 2010, 4:32 am

Avast did not find anything on the 2nd scan.

Spyware Doctor found several downloader.generic threats in the C:\ProgramData\Symantec folder. I have deleted the C:\ProgramData\Symantec folder. Spyware Doctor is still not done scanning.
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby deltalima » November 9th, 2010, 4:35 am

Hi strelok31,

Avast did not find anything on the 2nd scan.


Good. Please post the Spyware Doctor log when complete.

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Now please run a new scan with OTL and post just the log OTL.txt in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 9th, 2010, 5:21 am

I ran TFC and rebooted my PC like it asked me to.

Here are the contents of the OTL.txt

OTL logfile created on: 11/9/2010 12:59:47 AM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\ilya\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 293.73 Gb Free Space | 65.17% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.10 Gb Free Space | 60.70% Space Free | Partition Type: NTFS

Computer Name: ILYA-PC | User Name: ilya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ilya\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\WebEx\Productivity Tools\ptSrv.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\WebEx\Productivity Tools\PTIM.exe (WebEx Communications, Inc)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe ()
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\ilya\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTHWIUT.DLL) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\Windows\System32\CTEXFIFX.dll (Creative Technology Ltd.)
DRV - (CT20XUT.DLL) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (PalmUSBD) -- C:\Windows\System32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=3090121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=3090121
IE - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=3090121
IE - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: ocplugin@webex.com:1.1
FF - prefs.js..extensions.enabledItems: timetrack@usablehack.com:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 13:49:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 13:49:53 | 000,000,000 | ---D | M]

[2009/01/25 16:47:21 | 000,000,000 | ---D | M] -- C:\Users\ilya\AppData\Roaming\Mozilla\Extensions
[2010/11/08 19:03:05 | 000,000,000 | ---D | M] -- C:\Users\ilya\AppData\Roaming\Mozilla\Firefox\Profiles\vss6nrvn.default\extensions
[2009/11/01 10:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ilya\AppData\Roaming\Mozilla\Firefox\Profiles\vss6nrvn.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/07/30 10:46:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ilya\AppData\Roaming\Mozilla\Firefox\Profiles\vss6nrvn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/11 09:21:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\ilya\AppData\Roaming\Mozilla\Firefox\Profiles\vss6nrvn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/01 10:51:10 | 000,000,000 | ---D | M] -- C:\Users\ilya\AppData\Roaming\Mozilla\Firefox\Profiles\vss6nrvn.default\extensions\timetrack@usablehack.com
[2010/07/19 20:14:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/19 20:14:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/14 21:50:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O3 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe (WebEx Communications, Inc)
O4 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (WebEx Communications, Inc.)
O4 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000..\Run: [Steam] c:\program files\valve\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\ilya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\ilya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\Palm\register.exe (palmOne/Leader Technologies)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2431464384-2967160312-2786964109-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} https://conference.oracle.com/imtapp/re ... nsload.cab (Reg Error: Value error.)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} https://strtc.oracle.com/imtapp/res/jar/cnsload.cab (Reg Error: Value error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\ilya\Pictures\Costa Rica 2010\IMG_4919.JPG
O24 - Desktop BackupWallPaper: C:\Users\ilya\Pictures\Costa Rica 2010\IMG_4919.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 00:43:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\ilya\Desktop\TFC.exe
[2010/11/08 20:18:22 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/11/08 20:18:22 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/11/08 20:18:21 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/11/08 20:18:18 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/11/08 20:18:14 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/11/08 20:17:17 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/08 20:17:16 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/11/08 20:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/11/08 20:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/06 09:10:04 | 000,000,000 | ---D | C] -- C:\Users\ilya\AppData\Roaming\Malwarebytes
[2010/11/06 09:09:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/06 09:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/06 09:09:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/06 09:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/03 22:24:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/03 21:36:45 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\ilya\Desktop\OTL.exe
[2010/11/01 18:40:03 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/11/01 18:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/31 11:15:10 | 000,000,000 | ---D | C] -- C:\Users\ilya\Documents\Simply Super Software
[2010/10/31 11:14:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/10/31 11:14:56 | 000,000,000 | ---D | C] -- C:\Users\ilya\AppData\Roaming\Simply Super Software
[2010/10/31 11:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/10/31 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/10/27 21:30:18 | 000,000,000 | ---D | C] -- C:\Users\ilya\Documents\Burbank hockey
[2010/10/25 23:11:22 | 000,000,000 | ---D | C] -- C:\Users\ilya\Documents\CD Accounts
[2009/01/21 10:10:14 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[1 C:\Users\ilya\*.tmp files -> C:\Users\ilya\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 00:59:10 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/09 00:59:10 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 00:52:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/09 00:52:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 00:52:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 00:52:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/09 00:52:22 | 3219,046,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/09 00:51:46 | 000,064,748 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/11/09 00:51:46 | 000,055,324 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/11/09 00:51:46 | 000,055,324 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/11/09 00:46:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/09 00:44:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\ilya\Desktop\TFC.exe
[2010/11/09 00:26:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2431464384-2967160312-2786964109-1000UA.job
[2010/11/08 20:23:03 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/08 20:23:03 | 000,001,957 | ---- | M] () -- C:\Users\ilya\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/08 20:18:28 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/08 20:18:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/11/08 19:26:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2431464384-2967160312-2786964109-1000Core.job
[2010/11/06 09:09:50 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/06 08:16:30 | 000,133,632 | ---- | M] () -- C:\Users\ilya\Desktop\RKUnhookerLE.EXE
[2010/11/03 22:24:53 | 179,175,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/03 21:36:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\ilya\Desktop\OTL.exe
[2010/11/01 18:17:31 | 000,443,392 | ---- | M] () -- C:\Users\ilya\Desktop\CKScanner.exe
[2010/10/31 11:15:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/10/31 10:25:37 | 000,000,934 | ---- | M] () -- C:\Users\ilya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk
[2010/10/24 17:25:28 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/17 20:58:05 | 000,115,712 | ---- | M] () -- C:\Users\ilya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\ilya\*.tmp files -> C:\Users\ilya\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/08 20:23:03 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/08 20:23:03 | 000,001,957 | ---- | C] () -- C:\Users\ilya\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/08 20:18:28 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/06 09:09:50 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/06 08:15:41 | 000,133,632 | ---- | C] () -- C:\Users\ilya\Desktop\RKUnhookerLE.EXE
[2010/11/03 22:24:45 | 179,175,758 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/03 22:24:33 | 3219,046,400 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/01 18:17:25 | 000,443,392 | ---- | C] () -- C:\Users\ilya\Desktop\CKScanner.exe
[2010/10/31 11:15:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/10/31 11:14:59 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/10/31 11:14:59 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/10/31 11:14:59 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/10/31 11:14:59 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/05/10 22:05:27 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/05/10 22:05:27 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/04/25 18:32:11 | 000,000,088 | ---- | C] () -- C:\Users\ilya\AppData\Roaming\usb.inf
[2009/12/11 00:47:50 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/11/29 17:05:44 | 000,030,295 | ---- | C] () -- C:\Users\ilya\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/02/03 21:47:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/25 17:53:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/25 16:58:47 | 000,115,712 | ---- | C] () -- C:\Users\ilya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 10:10:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/01/21 10:10:14 | 000,046,659 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/01/21 10:10:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/01/21 09:49:01 | 000,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2009/01/21 07:29:07 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/01/21 07:29:04 | 000,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/01/21 07:29:04 | 000,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/01/21 07:27:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm