TechSpot

By BlazinGhost
Nov 27, 2010

Having problems with a trojan/virus Remind_xp.exe

    I will appreciate some help from an expert, thanks.

    Malwarebytes:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5199

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    11/27/2010 3:06:02 PM
    mbam-log-2010-11-27 (15-06-02).txt

    Scan type: Quick scan
    Objects scanned: 150847
    Time elapsed: 6 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-27 15:11:12
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3250824A rev.3.AAE
    Running: s4glttdc.exe; Driver: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\kwayiaog.sys

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEB41EBAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEB41E9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEB41EB0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 868BF3B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 868BF3B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 868BF3B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 868BF3B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 868BF3B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 868BF3B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-16 868BF3B2
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250824A______________________________3.AAE___#5&6da396e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    DDS:

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by Owner at 15:17:44.79 on Sat 11/27/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.548 [GMT -8:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\zHotkey.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\PROGRA~1\COMMON~1\AOL\129082~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\129082~1\EE\AOLServiceHost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
    uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McAfee Anti-Phishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [Power2GoExpress] NA
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
    mRun: [CHotkey] zHotkey.exe
    mRun: [HostManager] c:\program files\common files\aol\1290829611\ee\AOLHostManager.exe
    mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
    mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
    mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
    mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
    mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
    mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\i1ag7lk2.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ============= SERVICES / DRIVERS ===============

    P2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2010-11-26 221184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-26 165584]
    R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2010-11-26 80640]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 40384]
    R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2010-11-26 126976]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2010-11-26 122368]
    R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2010-11-26 114464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-26 136176]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 40384]
    S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2010-11-26 245760]

    =============== Created Last 30 ================

    2010-11-27 20:30:16 -------- d-----w- c:\docume~1\owner~1.you\applic~1\McAfee.com Personal Firewall
    2010-11-27 19:29:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-27 19:29:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-27 18:54:01 -------- d-----w- c:\docume~1\owner~1.you\applic~1\Malwarebytes
    2010-11-27 18:53:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-27 18:53:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-27 18:42:24 -------- d-----w- c:\program files\CCleaner
    2010-11-27 05:35:17 -------- d-----w- c:\program files\AIM
    2010-11-27 05:35:15 -------- d-----w- c:\program files\HLDJ
    2010-11-27 05:35:11 -------- d-----w- c:\program files\GoldWave
    2010-11-27 05:35:09 -------- d-----w- c:\program files\Illustrate
    2010-11-27 05:31:47 -------- d-----w- c:\windows\system32\LogFiles
    2010-11-27 05:21:57 -------- d-----w- c:\windows\system32\AGEIA
    2010-11-27 05:20:57 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2010-11-27 05:20:27 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2010-11-27 05:20:27 -------- d-----w- c:\windows\nview
    2010-11-27 05:18:35 -------- d-----w- C:\NVIDIA
    2010-11-27 04:53:14 -------- d-----w- c:\docume~1\owner~1.you\locals~1\applic~1\Mozilla
    2010-11-27 04:34:25 -------- d-----w- c:\program files\Steam
    2010-11-27 04:27:18 -------- d-----w- c:\docume~1\owner~1.you\locals~1\applic~1\Temp
    2010-11-27 04:27:13 -------- d-----w- c:\docume~1\owner~1.you\locals~1\applic~1\Google
    2010-11-27 04:26:56 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-27 04:26:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-11-27 04:26:03 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2010-11-27 04:26:02 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
    2010-11-27 04:26:02 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2010-11-27 04:26:01 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
    2010-11-27 04:17:17 49152 ----a-r- c:\docume~1\owner~1.you\applic~1\microsoft\installer\{15377c3e-9655-400f-b441-e69f0a6beafe}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
    2010-11-27 04:00:40 -------- d-----w- c:\windows\system32\Lang
    2010-11-27 03:55:58 332800 -c--a-w- c:\windows\system32\dllcache\srv.sys
    2010-11-27 03:55:33 94720 -c--a-w- c:\windows\system32\dllcache\iphlpapi.dll
    2010-11-27 03:55:33 148480 -c--a-w- c:\windows\system32\dllcache\dnsapi.dll
    2010-11-27 03:55:33 111616 -c--a-w- c:\windows\system32\dllcache\dhcpcsvc.dll
    2010-11-27 03:55:20 181248 -c--a-w- c:\windows\system32\dllcache\rasmans.dll
    2010-11-27 03:54:01 -------- d-----w- c:\program files\McAfee
    2010-11-27 03:53:56 9216 ----a-w- c:\windows\system32\MpfApi.dll
    2010-11-27 03:53:56 80640 ----a-w- c:\windows\system32\drivers\MpFirewall.sys
    2010-11-27 03:53:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com Personal Firewall
    2010-11-27 03:53:37 114464 ----a-w- c:\windows\system32\drivers\naiavf5x.sys
    2010-11-27 03:53:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com
    2010-11-27 03:52:56 349760 ----a-w- c:\windows\system32\mcinsctl.dll
    2010-11-27 03:52:56 288320 ----a-w- c:\windows\system32\mcgdmgr.dll
    2010-11-27 03:52:56 -------- d-----w- c:\program files\McAfee.com
    2010-11-27 03:51:24 23552 ----a-w- c:\windows\system32\jesterss.dll
    2010-11-27 03:51:24 1239209 ----a-w- c:\windows\system32\gtw_logo.scr
    2010-11-27 03:51:24 -------- d-----w- c:\program files\gtw_logo
    2010-11-27 03:51:20 741376 ----a-w- c:\windows\system32\BigFixSuppress.exe
    2010-11-27 03:51:20 741376 ----a-w- c:\windows\system32\BigFixShortcutInStartup.exe
    2010-11-27 03:51:18 67072 ----a-w- c:\windows\POWERCFG.EXE
    2010-11-27 03:51:18 -------- d-----w- c:\program files\AMD Live!
    2010-11-27 03:49:59 171776 -c--a-w- c:\windows\system32\dllcache\kmixer.sys
    2010-11-27 03:48:08 -------- d-----w- c:\program files\MSN Encarta Plus
    2010-11-27 03:46:49 -------- d-----w- c:\program files\common files\aolshare
    2010-11-27 03:45:26 -------- d-----w- c:\program files\Microsoft Digital Image 2006
    2010-11-27 03:45:21 89088 ----a-r- c:\windows\system32\atl71.dll
    2010-11-27 03:45:21 57344 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-11-27 03:43:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\WildTangent
    2010-11-27 03:43:36 -------- d-----w- c:\windows\wt
    2010-11-27 03:43:35 -------- d-----w- c:\program files\WildTangent
    2010-11-27 03:43:30 -------- d-----w- c:\program files\Gateway Games
    2010-11-27 03:43:16 20480 ----a-w- c:\windows\system32\Marker32.exe
    2010-11-27 03:43:06 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
    2010-11-27 03:42:38 94208 ----a-w- c:\windows\system32\bae.dll
    2010-11-27 03:42:31 13352 ----a-w- c:\windows\BigFixClientOverride.dll
    2010-11-27 03:42:31 -------- d-----w- c:\program files\BigFix
    2010-11-27 03:41:37 -------- d-----w- c:\program files\Digital Media Reader
    2010-11-27 03:41:30 -------- d-----w- c:\windows\Downloaded Installations
    2010-11-27 03:40:32 25840 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    2010-11-27 03:40:32 24816 ----a-w- c:\windows\system32\mdimon.dll
    2010-11-27 03:40:07 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-11-27 03:39:51 -------- d-----w- c:\windows\SHELLNEW
    2010-11-27 03:38:25 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2010-11-27 03:38:25 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2010-11-27 03:38:25 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2010-11-27 03:38:25 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2010-11-27 03:38:23 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2010-11-27 03:36:42 -------- d-----w- c:\windows\system32\ReinstallBackups
    2010-11-27 03:35:57 -------- d-----w- c:\program files\CONEXANT
    2010-11-27 03:35:36 17024 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2010-11-27 03:24:44 -------- d-----w- c:\windows\creator
    2010-11-27 03:22:58 102457 ----a-w- c:\windows\system32\usrv42a.dll
    2010-11-27 03:21:56 35328 ----a-w- c:\windows\system32\pid.dll
    2010-11-27 03:20:59 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
    2010-11-27 00:01:40 -------- d-----w- C:\My Backup -- 10-11-26 0501PM
    2010-11-26 05:51:24 -------- d-----w- C:\My Backup -- 10-11-25 1051PM
    2010-11-26 01:05:45 -------- d-----w- C:\My Backup -- 10-11-25 0605PM

    ==================== Find3M ====================

    2010-11-27 03:47:30 24576 ----a-w- c:\windows\system32\prefscpl.cpl

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3250824A rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x868C0566]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868c6624]; MOV EAX, [0x868c66a0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\Harddisk0\DR0[0x86930030]
    3 CLASSPNP[0xF763005B] -> ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\000000a9[0x8691DF18]
    5 ACPI[0xF7426620] -> ntkrnlpa!IofCallDriver[0x804EEF9C] -> [0x86930940]
    \Driver\atapi[0x86953BA8] -> IRP_MJ_CREATE -> 0x868C0566
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250824A______________________________3.AAE___#5&6da396e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x868C03B2
    user != kernel MBR !!!
    sectors 488397166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 15:18:19.43 ===============

    DDS Attach Log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/26/2010 8:17:02 PM
    System Uptime: 11/27/2010 3:15:15 PM (0 hours ago)

    Motherboard: C51PVGM-GB | | C51PVGM-GB
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2009/201mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2009/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 210.925 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is FIXED (FAT32) - 5 GiB total, 2.108 GiB free.
    I: is CDROM ()
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
    Service:

    ==== System Restore Points ===================

    RP1: 11/26/2010 8:17:06 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Reader 7.0
    America Online (Choose which version to remove)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Spyware Protection
    AOL You've Got Pictures Screensaver
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    BigFix
    Blackhawk Striker 2
    Blasterball 2 Revolution
    Browser Address Error Redirector
    CCleaner
    Counter-Strike: Source
    Digital Media Reader
    Diner Dash
    DVD Solution
    FATE
    Gateway Game Console
    Google Chrome
    Google Update Helper
    gtw_logo
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895953)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914906)
    J2SE Runtime Environment 5.0 Update 2
    Malwarebytes' Anti-Malware
    McAfee Uninstall Wizard
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Money 2006
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.12)
    Multimedia Keyboard Driver
    Napster
    Napster Burn Engine
    NVIDIA Drivers
    NVIDIA PhysX
    Penguins!
    Polar Bowler
    Polar Golfer
    Power2Go 4.0
    PowerDVD
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Recovery Software Suite Gateway
    SCRABBLE
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Soft Data Fax Modem with SmartCP
    Sonic Encoders
    Steam
    Tradewinds
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Validation Tool
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Media Center Edition 2005 KB914548

    ==== Event Viewer Messages From Past Week ========

    11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The McAfee WSC Integration service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The McAfee Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The McAfee SpamKiller Server service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:49:56 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    11/27/2010 2:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor service to connect.
    11/27/2010 2:46:54 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/27/2010 2:46:53 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 12:55:59 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    11/27/2010 12:28:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/27/2010 11:32:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips Processor
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:43 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/26/2010 8:26:43 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/26/2010 8:26:43 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
    11/26/2010 8:26:42 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/26/2010 8:26:42 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: The device is not ready.

    ==== End Of File ===========================
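The Service Control Manager entries above show the classic symptom of this kind of infection: dozens of unrelated services (Workstation, Security Center, Cryptographic Services, WMI...) all "terminated unexpectedly" within the same one or two seconds. The script below is an added example, not part of the original post or of any tool named in the thread; it parses event lines in the format shown above and flags any window where several distinct services die together. The sample lines are constructed to match the posted format, and the window size and threshold are assumptions you would tune for your own logs.

```python
"""
Flag bursts of Windows service terminations (SCM event IDs 7034/7031) in
event-log lines of the format posted above.  Added example, not from the
original thread; SAMPLE_LOG is constructed in the same shape as the post.
"""
import re
from datetime import datetime

# Shape of the posted lines:
#   11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The X service terminated unexpectedly. ...
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

# Event IDs the Service Control Manager uses for unexpected service termination.
TERMINATION_IDS = {"7034", "7031"}

# Constructed sample (same format as the posted log, not the full posted log).
SAMPLE_LOG = """\
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: The device is not ready.
11/27/2010 2:46:54 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
"""


def parse_events(text):
    """Yield (timestamp, event_id, service_name) for each termination event."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m or m.group("id") not in TERMINATION_IDS:
            continue
        svc = SERVICE_RE.match(m.group("msg"))
        if not svc:
            continue
        ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
        yield ts, m.group("id"), svc.group("svc")


def find_bursts(text, window_seconds=2, min_services=3):
    """Group terminations into time windows and return those where at least
    min_services distinct services died.  Returns [(window_start, [services])].
    A single service crashing is routine; many at once is what to investigate."""
    events = sorted(parse_events(text))
    bursts = []
    i = 0
    while i < len(events):
        start = events[i][0]
        j = i
        while j < len(events) and (events[j][0] - start).total_seconds() <= window_seconds:
            j += 1
        services = sorted({e[2] for e in events[i:j]})
        if len(services) >= min_services:
            bursts.append((start, services))
        i = j
    return bursts


if __name__ == "__main__":
    for start, svcs in find_bursts(SAMPLE_LOG):
        print(f"{start}: {len(svcs)} services terminated together: {', '.join(svcs)}")
```

On the sample this reports one burst starting 11/26/2010 8:26:42 PM with five services; the lone AOL TopSpeed Monitor crash the next day is below the threshold and is not reported, which is the point of grouping rather than alerting on every 7034.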
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    You're running two AV programs, Avast and McAfee.
    One of them has to go.
    If McAfee (preferably), use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    Then...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    I uninstalled McAfee and I haven't gotten the Remind_XP.exe error yet

    Here's the log for TDSSKiller:


    2010/11/27 16:55:09.0781 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
    2010/11/27 16:55:09.0781 ================================================================================
    2010/11/27 16:55:09.0781 SystemInfo:
    2010/11/27 16:55:09.0781
    2010/11/27 16:55:09.0781 OS Version: 5.1.2600 ServicePack: 2.0
    2010/11/27 16:55:09.0781 Product type: Workstation
    2010/11/27 16:55:09.0781 ComputerName: YOUR-A5747C8268
    2010/11/27 16:55:09.0781 UserName: Owner
    2010/11/27 16:55:09.0781 Windows directory: C:\WINDOWS
    2010/11/27 16:55:09.0781 System windows directory: C:\WINDOWS
    2010/11/27 16:55:09.0781 Processor architecture: Intel x86
    2010/11/27 16:55:09.0781 Number of processors: 2
    2010/11/27 16:55:09.0781 Page size: 0x1000
    2010/11/27 16:55:09.0781 Boot type: Normal boot
    2010/11/27 16:55:09.0781 ================================================================================
    2010/11/27 16:55:10.0203 Initialize success
    2010/11/27 16:55:19.0015 ================================================================================
    2010/11/27 16:55:19.0015 Scan started
    2010/11/27 16:55:19.0015 Mode: Manual;
    2010/11/27 16:55:19.0015 ================================================================================
    2010/11/27 16:55:19.0531 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/11/27 16:55:19.0640 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/11/27 16:55:19.0656 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/27 16:55:19.0671 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/11/27 16:55:19.0687 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/11/27 16:55:19.0750 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/27 16:55:19.0781 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/27 16:55:19.0796 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/11/27 16:55:19.0812 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/11/27 16:55:19.0875 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/11/27 16:55:19.0890 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/11/27 16:55:19.0906 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/11/27 16:55:19.0968 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/11/27 16:55:19.0984 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/11/27 16:55:20.0015 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/11/27 16:55:20.0031 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/11/27 16:55:20.0093 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/11/27 16:55:20.0109 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/11/27 16:55:20.0125 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/11/27 16:55:20.0156 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/11/27 16:55:20.0218 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/11/27 16:55:20.0234 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/11/27 16:55:20.0265 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/11/27 16:55:20.0312 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/11/27 16:55:20.0328 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/11/27 16:55:20.0390 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/27 16:55:20.0421 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/27 16:55:20.0500 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/27 16:55:20.0531 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/27 16:55:20.0578 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/27 16:55:20.0609 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/11/27 16:55:20.0625 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/27 16:55:20.0640 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/11/27 16:55:20.0687 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/27 16:55:20.0703 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/27 16:55:20.0750 Cdr4_xp (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    2010/11/27 16:55:20.0765 Cdralw2k (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys
    2010/11/27 16:55:20.0796 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/27 16:55:20.0859 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/11/27 16:55:20.0875 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/11/27 16:55:20.0890 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/11/27 16:55:20.0921 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/11/27 16:55:20.0953 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/11/27 16:55:20.0968 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/11/27 16:55:20.0984 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/27 16:55:21.0062 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/27 16:55:21.0093 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/27 16:55:21.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/27 16:55:21.0187 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/27 16:55:21.0218 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/11/27 16:55:21.0234 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/27 16:55:21.0281 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/27 16:55:21.0312 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/27 16:55:21.0328 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/27 16:55:21.0359 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/11/27 16:55:21.0421 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/11/27 16:55:21.0437 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/27 16:55:21.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/27 16:55:21.0515 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/27 16:55:21.0578 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/11/27 16:55:21.0609 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/27 16:55:21.0640 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/11/27 16:55:21.0703 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    2010/11/27 16:55:21.0796 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    2010/11/27 16:55:21.0890 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/27 16:55:21.0953 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/11/27 16:55:21.0968 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/11/27 16:55:22.0000 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/27 16:55:22.0062 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
    2010/11/27 16:55:22.0140 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/27 16:55:22.0171 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/11/27 16:55:22.0390 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/11/27 16:55:22.0468 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/11/27 16:55:22.0484 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/11/27 16:55:22.0500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/27 16:55:22.0531 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/27 16:55:22.0562 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/27 16:55:22.0578 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/27 16:55:22.0593 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/27 16:55:22.0625 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/27 16:55:22.0656 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/27 16:55:22.0671 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/11/27 16:55:22.0734 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/27 16:55:22.0796 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/27 16:55:22.0890 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/11/27 16:55:22.0937 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2010/11/27 16:55:22.0968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/27 16:55:23.0000 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/27 16:55:23.0015 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/27 16:55:23.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/27 16:55:23.0062 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/27 16:55:23.0093 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/11/27 16:55:23.0125 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/27 16:55:23.0156 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/27 16:55:23.0203 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/27 16:55:23.0250 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/27 16:55:23.0281 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/27 16:55:23.0296 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/27 16:55:23.0343 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/27 16:55:23.0359 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/27 16:55:23.0390 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/27 16:55:23.0453 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/27 16:55:23.0468 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/27 16:55:23.0484 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/27 16:55:23.0500 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/27 16:55:23.0515 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/27 16:55:23.0546 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/27 16:55:23.0593 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/11/27 16:55:23.0609 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/27 16:55:23.0640 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/27 16:55:23.0687 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/27 16:55:23.0937 nv (9e143fb3ef13b7ec1c1dd06529debadd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/11/27 16:55:24.0281 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2010/11/27 16:55:24.0312 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2010/11/27 16:55:24.0359 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/27 16:55:24.0390 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/27 16:55:24.0421 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/11/27 16:55:24.0484 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/27 16:55:24.0500 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/27 16:55:24.0531 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/27 16:55:24.0546 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/27 16:55:24.0578 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/27 16:55:24.0593 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/11/27 16:55:24.0671 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/11/27 16:55:24.0703 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/11/27 16:55:24.0734 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/27 16:55:24.0765 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/11/27 16:55:24.0781 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/27 16:55:24.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/27 16:55:24.0828 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/11/27 16:55:24.0843 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/11/27 16:55:24.0859 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/11/27 16:55:24.0875 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/11/27 16:55:24.0890 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/11/27 16:55:24.0906 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/11/27 16:55:24.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/27 16:55:24.0968 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/27 16:55:24.0984 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/27 16:55:25.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/27 16:55:25.0031 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/27 16:55:25.0046 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/27 16:55:25.0078 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/27 16:55:25.0125 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/27 16:55:25.0156 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/27 16:55:25.0218 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2010/11/27 16:55:25.0234 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/27 16:55:25.0281 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/27 16:55:25.0296 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/27 16:55:25.0328 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/27 16:55:25.0375 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/11/27 16:55:25.0390 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/11/27 16:55:25.0453 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/27 16:55:25.0484 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/27 16:55:25.0531 Srv (e03b4ea274c9e509cca7f9f0cec24232) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/27 16:55:25.0578 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/27 16:55:25.0640 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/27 16:55:25.0671 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/11/27 16:55:25.0687 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/11/27 16:55:25.0703 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/11/27 16:55:25.0718 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/11/27 16:55:25.0781 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/27 16:55:25.0828 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/27 16:55:25.0875 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/27 16:55:25.0890 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/27 16:55:25.0937 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/27 16:55:25.0968 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/11/27 16:55:26.0015 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/27 16:55:26.0031 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/11/27 16:55:26.0062 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/27 16:55:26.0093 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/27 16:55:26.0125 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/27 16:55:26.0140 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/27 16:55:26.0203 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/11/27 16:55:26.0265 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/27 16:55:26.0312 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/27 16:55:26.0343 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/27 16:55:26.0359 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/11/27 16:55:26.0375 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/11/27 16:55:26.0406 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/27 16:55:26.0437 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/27 16:55:26.0500 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2010/11/27 16:55:26.0578 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/27 16:55:26.0656 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2010/11/27 16:55:26.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/11/27 16:55:26.0796 ================================================================================
    2010/11/27 16:55:26.0796 Scan finished
    2010/11/27 16:55:26.0796 ================================================================================
    2010/11/27 16:55:26.0812 Detected object count: 1
    2010/11/27 16:55:45.0171 \HardDisk0 - will be cured after reboot
    2010/11/27 16:55:45.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/11/27 16:55:53.0437 Deinitialize success
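The TDSSKiller log above has a regular shape: every line carries a timestamp, the scan body is one line per driver with its MD5 and path, and the only lines that matter for triage are the "detected" line, the "Detected object count" line and the "User select action" line. The parser below is an added example, not TDSSKiller's own code or anything from the thread; it pulls those pieces apart so a log can be checked automatically (was anything detected, was an action chosen for each detection, does the declared count match). The sample log is constructed in the posted format with a placeholder computer name; the two driver lines reuse entries from the posted log.

```python
"""
Parse a TDSSKiller log of the format posted above into system info, a
driver inventory (name -> (md5, path)), detections and user actions.
Added example, not TDSSKiller's own code; SAMPLE_LOG is constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s?(?P<body>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>\\\S+) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<verdict>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Constructed sample in the posted format (placeholder computer name; the two
# driver lines are copied from the log posted in this thread).
SAMPLE_LOG = r"""
2010/11/27 16:55:09.0781 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/27 16:55:09.0781 ================================================================================
2010/11/27 16:55:09.0781 SystemInfo:
2010/11/27 16:55:09.0781
2010/11/27 16:55:09.0781 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/27 16:55:09.0781 ComputerName: EXAMPLE-PC
2010/11/27 16:55:19.0015 Scan started
2010/11/27 16:55:19.0015 Mode: Manual;
2010/11/27 16:55:19.0531 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/27 16:55:20.0421 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/27 16:55:26.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/27 16:55:26.0796 Scan finished
2010/11/27 16:55:26.0812 Detected object count: 1
2010/11/27 16:55:45.0171 \HardDisk0 - will be cured after reboot
2010/11/27 16:55:45.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/27 16:55:53.0437 Deinitialize success
"""


@dataclass
class TdssReport:
    system: dict = field(default_factory=dict)       # "ComputerName" -> "EXAMPLE-PC", ...
    drivers: dict = field(default_factory=dict)      # driver name -> (md5, path)
    detections: list = field(default_factory=list)   # [(object, verdict)]
    actions: dict = field(default_factory=dict)      # object -> "Cure" / "Skip" / ...
    declared_count: Optional[int] = None


def parse_tdsskiller(text):
    """Build a TdssReport from the raw log text."""
    rep = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if not body or body.startswith("="):
            continue  # blank timestamp-only lines and separator rules
        if (d := DRIVER_RE.match(body)):
            rep.drivers[d.group("name")] = (d.group("md5"), d.group("path"))
        elif (d := DETECT_RE.match(body)):
            rep.detections.append((d.group("obj"), d.group("verdict")))
        elif (d := ACTION_RE.match(body)):
            rep.actions[d.group("obj")] = d.group("action")
        elif (d := COUNT_RE.match(body)):
            rep.declared_count = int(d.group("n"))
        elif ": " in body:
            key, _, val = body.partition(": ")   # SystemInfo key/value lines
            rep.system[key] = val
    return rep


def unresolved_detections(rep):
    """Detected objects for which no Cure/Delete action was recorded."""
    return [obj for obj, _ in rep.detections if rep.actions.get(obj) not in ("Cure", "Delete")]


def count_consistent(rep):
    """True when the declared object count matches the detection lines parsed."""
    return rep.declared_count is not None and rep.declared_count == len(rep.detections)


if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(r.drivers)} drivers inventoried on {r.system.get('ComputerName')}")
    for obj, verdict in r.detections:
        print(f"{obj}: {verdict}, action={r.actions.get(obj, 'none')}")
    print("unresolved:", unresolved_detections(r), "count ok:", count_consistent(r))
```

For the posted log this yields exactly one detection, `\HardDisk0` as `Rootkit.Win32.TDSS.tdl4`, with the action Cure recorded and the declared count of 1 matching, so nothing is left unresolved. The driver inventory (name, MD5, path) is what you would diff against a known-clean machine or a later scan of the same box.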
     
  4. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    Sorry about this; this is a test post. I didn't read correctly if I had to wait for my post to be posted. After my scan it rebooted too fast for me to see.

    Edit: Sorry, the next post will be a double post. I posted again and got to read it; it said "You will have to wait for a moderator to approve your post".
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good job :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    I had difficulties with the first download but the second one worked fine.

    Here are the Logs :

    MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 183):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xF7A4F000 \WINDOWS\system32\KDCOM.DLL
    0xF795F000 \WINDOWS\system32\BOOTVID.dll
    0xF7420000 ACPI.sys
    0xF7A51000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF740F000 pci.sys
    0xF754F000 isapnp.sys
    0xF755F000 ohci1394.sys
    0xF756F000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7963000 compbatt.sys
    0xF7967000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B17000 pciide.sys
    0xF77CF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7A53000 aliide.sys
    0xF7A55000 intelide.sys
    0xF7A57000 toside.sys
    0xF7A59000 viaide.sys
    0xF7A5B000 cmdide.sys
    0xF73F1000 pcmcia.sys
    0xF757F000 MountMgr.sys
    0xF73D2000 ftdisk.sys
    0xF7A5D000 dmload.sys
    0xF73AC000 dmio.sys
    0xF796B000 ACPIEC.sys
    0xF7B18000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF77D7000 PartMgr.sys
    0xF758F000 VolSnap.sys
    0xF796F000 cpqarray.sys
    0xF7394000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF72BE000 IASTOR.SYS
    0xF72A6000 atapi.sys
    0xF7973000 aha154x.sys
    0xF77DF000 sparrow.sys
    0xF7977000 symc810.sys
    0xF759F000 aic78xx.sys
    0xF797B000 dac960nt.sys
    0xF75AF000 ql10wnt.sys
    0xF797F000 amsint.sys
    0xF77E7000 asc.sys
    0xF7983000 asc3550.sys
    0xF77EF000 mraid35x.sys
    0xF77F7000 i2omp.sys
    0xF7987000 ini910u.sys
    0xF75BF000 ql1240.sys
    0xF75CF000 aic78u2.sys
    0xF77FF000 symc8xx.sys
    0xF7807000 sym_hi.sys
    0xF780F000 sym_u3.sys
    0xF7817000 ABP480N5.SYS
    0xF781F000 asc3350p.sys
    0xF7A5F000 cd20xrnt.sys
    0xF75DF000 ultra.sys
    0xF728D000 adpu160m.sys
    0xF7827000 dpti2o.sys
    0xF75EF000 ql1080.sys
    0xF75FF000 ql1280.sys
    0xF760F000 ql12160.sys
    0xF782F000 perc2.sys
    0xF7A61000 perc2hib.sys
    0xF7837000 hpn.sys
    0xF798B000 cbidf2k.sys
    0xF7261000 dac2w2k.sys
    0xF761F000 disk.sys
    0xF762F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7242000 fltMgr.sys
    0xF7230000 sr.sys
    0xF783F000 PxHelp20.sys
    0xF7219000 KSecDD.sys
    0xF718C000 Ntfs.sys
    0xF715F000 NDIS.sys
    0xF763F000 sisagp.sys
    0xF764F000 viaagp.sys
    0xF7144000 Mup.sys
    0xF765F000 alim1541.sys
    0xF766F000 amdagp.sys
    0xF767F000 agp440.sys
    0xF768F000 agpCPQ.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF6A31000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF6A1D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF794F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF69FA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7957000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7134000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7124000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xF7114000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7104000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF69D7000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF784F000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF69A0000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xF68A3000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xF67F6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF788F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF70F4000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF67D1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7A2F000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xF6787000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xF6750000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    0xF7897000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF70E4000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7A33000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF6715000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF70D4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF789F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7BF2000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF70C4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7A37000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF665E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF70B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF70A4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF78A7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6625000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76BF000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF78AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF78B7000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF78BF000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xF6162000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF76CF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF78C7000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7A75000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF612E000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7078000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF76DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF76FF000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7A79000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF3C07000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xF3BE5000 \SystemRoot\system32\drivers\portcls.sys
    0xF771F000 \SystemRoot\system32\drivers\drmk.sys
    0xF772F000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xF7A7D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF78D7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF78DF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF7A7F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B68000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A81000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF78EF000 \SystemRoot\System32\drivers\vga.sys
    0xF7A83000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A85000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF78F7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF78FF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7034000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF3AEA000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF3A92000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF775F000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF3A71000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF3A49000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF776F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF3A27000 \SystemRoot\System32\drivers\afd.sys
    0xF777F000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF778F000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF39FC000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF398D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF779F000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF3966000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF7917000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF391B000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF3903000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A89000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF663A000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7927000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BD4000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xF799F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xBA7AC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBA609000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xBA20C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBA361000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF3613000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB9EE8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7AE1000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB9D67000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB9EB4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB9C4D000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF61A3000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xB94C9000 \SystemRoot\system32\drivers\kmixer.sys
    0xB95F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB9A2B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA239000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7A77000 \SystemRoot\system32\drivers\splitter.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 47):
    0 System Idle Process
    4 System
    620 C:\WINDOWS\system32\smss.exe
    676 csrss.exe
    700 C:\WINDOWS\system32\winlogon.exe
    744 C:\WINDOWS\system32\services.exe
    756 C:\WINDOWS\system32\lsass.exe
    928 C:\WINDOWS\system32\svchost.exe
    976 svchost.exe
    1072 C:\WINDOWS\system32\svchost.exe
    1196 svchost.exe
    1236 svchost.exe
    1420 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1572 C:\WINDOWS\explorer.exe
    1924 C:\WINDOWS\ehome\ehtray.exe
    1940 C:\Program Files\Digital Media Reader\readericon45G.exe
    1948 C:\WINDOWS\zHotkey.exe
    2000 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    2008 C:\WINDOWS\system32\spoolsv.exe
    2016 C:\WINDOWS\RTHDCPL.exe
    196 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    204 C:\Program Files\QuickTime\qttask.exe
    244 C:\WINDOWS\system32\rundll32.exe
    292 C:\Program Files\BigFix\bigfix.exe
    320 C:\Program Files\Common Files\AOL\1290829611\EE\AOLHostManager.exe
    396 C:\PROGRA~1\COMMON~1\AOL\129082~1\EE\AOLServiceHost.exe
    1156 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    1176 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    1280 C:\WINDOWS\ehome\ehrecvr.exe
    1248 aoltpspd.exe
    1364 C:\WINDOWS\ehome\ehSched.exe
    1916 C:\WINDOWS\system32\nvsvc32.exe
    2080 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    2120 svchost.exe
    2376 mcrdsvc.exe
    3120 C:\Program Files\Google\Chrome\Application\chrome.exe
    3172 alg.exe
    3472 C:\WINDOWS\ehome\ehmsas.exe
    3852 C:\WINDOWS\system32\svchost.exe
    4052 C:\WINDOWS\system32\dllhost.exe
    2324 C:\WINDOWS\system32\wscntfy.exe
    2760 C:\Program Files\Google\Chrome\Application\chrome.exe
    2644 C:\Program Files\Google\Chrome\Application\chrome.exe
    2676 C:\WINDOWS\system32\wuauclt.exe
    1312 C:\Program Files\Google\Chrome\Application\chrome.exe
    2836 C:\Program Files\Steam\Steam.exe
    2660 C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`57acfa00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST3250824A, Rev: 3.AAE

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Done!


    ComboFix :


    ComboFix 10-11-27.01 - Owner 11/27/2010 20:57:48.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.318 [GMT -8:00]
    Running from: c:\documents and settings\Owner.YOUR-A5747C8268\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    H:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 )))))))))))))))))))))))))))))))
    .

    2010-11-28 01:32 . 2010-11-28 01:32 -------- d-----w- c:\windows\LastGood
    2010-11-27 21:32 . 2010-11-27 21:32 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-11-27 20:40 . 2010-11-27 20:40 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-11-27 19:29 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-27 19:29 . 2010-11-27 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-27 18:53 . 2010-11-27 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-27 18:53 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-27 18:42 . 2010-11-27 18:43 -------- d-----w- c:\program files\CCleaner
    2010-11-27 05:35 . 2010-11-27 05:35 -------- d-----w- c:\program files\AIM
    2010-11-27 05:35 . 2010-11-27 05:35 -------- d-----w- c:\program files\HLDJ
    2010-11-27 05:35 . 2010-11-27 05:35 -------- d-----w- c:\program files\GoldWave
    2010-11-27 05:35 . 2010-11-27 05:35 -------- d-----w- c:\program files\Illustrate
    2010-11-27 05:35 . 2010-11-27 05:36 -------- d-----w- c:\program files\Warcraft III
    2010-11-27 05:31 . 2010-11-27 05:31 -------- d-----w- c:\windows\system32\LogFiles
    2010-11-27 05:31 . 2010-11-27 05:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-11-27 05:30 . 2010-11-27 05:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-11-27 05:21 . 2010-11-27 05:21 -------- d-----w- c:\windows\system32\AGEIA
    2010-11-27 05:21 . 2010-11-27 05:22 -------- d-----w- c:\program files\AGEIA Technologies
    2010-11-27 05:20 . 2010-11-27 05:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-11-27 05:20 . 2010-11-27 05:20 -------- d-----w- c:\windows\nview
    2010-11-27 05:20 . 2009-01-15 16:19 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2010-11-27 05:18 . 2010-11-27 05:18 -------- d-----w- C:\NVIDIA
    2010-11-27 04:37 . 2010-11-27 04:37 -------- d-----w- c:\windows\Sun
    2010-11-27 04:34 . 2010-11-28 04:00 -------- d-----w- c:\program files\Steam
    2010-11-27 04:27 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-11-27 04:27 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-11-27 04:27 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-11-27 04:27 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-11-27 04:27 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-11-27 04:27 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-11-27 04:27 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-11-27 04:26 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-27 04:26 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-11-27 04:26 . 2010-11-27 04:26 -------- d-----w- c:\program files\Alwil Software
    2010-11-27 04:26 . 2010-11-27 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-11-27 04:17 . 2010-11-27 03:50 49152 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
    2010-11-27 04:17 . 2010-11-27 03:50 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
    2010-11-27 04:17 . 2010-11-27 03:50 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
    2010-11-27 04:17 . 2010-11-27 03:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
    2010-11-27 04:17 . 2010-11-27 03:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
    2010-11-27 04:17 . 2010-11-27 03:19 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
    2010-11-27 04:00 . 2010-11-28 00:56 -------- d-----w- c:\windows\system32\Lang
    2010-11-27 03:55 . 2006-04-21 06:12 332800 -c--a-w- c:\windows\system32\dllcache\srv.sys
    2010-11-27 03:55 . 2006-05-19 12:59 94720 -c--a-w- c:\windows\system32\dllcache\iphlpapi.dll
    2010-11-27 03:55 . 2006-05-19 12:59 148480 -c--a-w- c:\windows\system32\dllcache\dnsapi.dll
    2010-11-27 03:55 . 2006-05-19 12:59 111616 -c--a-w- c:\windows\system32\dllcache\dhcpcsvc.dll
    2010-11-27 03:55 . 2006-06-22 10:47 181248 -c--a-w- c:\windows\system32\dllcache\rasmans.dll
    2010-11-27 03:52 . 2010-11-27 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\SampleView
    2010-11-27 03:51 . 2010-11-27 04:17 -------- d-----w- c:\documents and settings\Owner
    2010-11-27 03:51 . 2010-11-27 03:51 -------- d-----w- c:\program files\gtw_logo
    2010-11-27 03:51 . 2006-02-06 20:24 1239209 ----a-w- c:\windows\system32\gtw_logo.scr
    2010-11-27 03:51 . 2003-07-03 23:48 23552 ----a-w- c:\windows\system32\jesterss.dll
    2010-11-27 03:51 . 2010-11-27 04:27 -------- d-----w- c:\program files\Google
    2010-11-27 03:51 . 2006-05-24 17:28 741376 ----a-w- c:\windows\system32\BigFixShortcutInStartup.exe
    2010-11-27 03:51 . 2006-05-24 17:28 741376 ----a-w- c:\windows\system32\BigFixSuppress.exe
    2010-11-27 03:51 . 2010-11-27 03:51 -------- d-----w- c:\program files\AMD Live!
    2010-11-27 03:51 . 2003-03-25 13:00 67072 ----a-w- c:\windows\POWERCFG.EXE
    2010-11-27 03:49 . 2004-08-04 07:07 171776 -c--a-w- c:\windows\system32\dllcache\kmixer.sys
    2010-11-27 03:48 . 2010-11-27 03:48 -------- d-----w- c:\program files\Microsoft Works
    2010-11-27 03:48 . 2010-11-27 03:48 -------- d-----w- c:\program files\MSN Encarta Plus
    2010-11-27 03:46 . 2010-11-27 03:48 -------- d-----w- c:\program files\America Online 9.0
    2010-11-27 03:45 . 2010-11-27 03:45 -------- d-----w- c:\program files\Microsoft Digital Image 2006
    2010-11-27 03:45 . 2010-11-27 03:45 -------- d-----w- c:\program files\Common Files\Adobe
    2010-11-27 03:45 . 2004-12-14 10:19 57344 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-11-27 03:45 . 2003-03-19 05:05 89088 ----a-r- c:\windows\system32\atl71.dll
    2010-11-27 03:43 . 2010-11-27 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
    2010-11-27 03:43 . 2010-11-27 03:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Wildtangent
    2010-11-27 03:43 . 2010-11-27 03:43 -------- d-----w- c:\windows\wt
    2010-11-27 03:43 . 2010-11-27 03:43 -------- d-----w- c:\program files\WildTangent
    2010-11-27 03:43 . 2010-11-27 03:45 -------- d-----w- c:\program files\Gateway Games
    2010-11-27 03:43 . 2004-09-04 00:07 20480 ----a-w- c:\windows\system32\Marker32.exe
    2010-11-27 03:43 . 2005-03-04 11:36 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
    2010-11-27 03:42 . 2010-11-27 03:43 -------- d-----w- c:\program files\Java
    2010-11-27 03:42 . 2010-11-27 03:42 -------- d-----w- c:\program files\Common Files\Java
    2010-11-27 03:42 . 2010-11-27 03:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
    2010-11-27 03:42 . 2006-01-31 19:54 94208 ----a-w- c:\windows\system32\bae.dll
    2010-11-27 03:42 . 2010-11-27 03:42 -------- d-----w- c:\program files\BigFix
    2010-11-27 03:42 . 2005-10-11 20:48 13352 ----a-w- c:\windows\BigFixClientOverride.dll
    2010-11-27 03:41 . 2010-11-27 03:41 -------- d-----w- c:\program files\Digital Media Reader
    2010-11-27 03:41 . 2010-11-27 03:41 -------- d-----w- c:\windows\Downloaded Installations
    2010-11-27 03:40 . 2004-03-22 23:17 25840 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    2010-11-27 03:40 . 2004-03-22 23:17 24816 ----a-w- c:\windows\system32\mdimon.dll
    2010-11-27 03:40 . 2010-11-27 03:40 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-11-27 03:39 . 2010-11-27 03:40 -------- d-----w- c:\windows\SHELLNEW
    2010-11-27 03:39 . 2010-11-27 03:39 -------- d-----w- c:\program files\Microsoft.NET
    2010-11-27 03:39 . 2010-11-27 03:39 -------- d-----r- C:\MSOCache
    2010-11-27 03:38 . 2010-11-27 03:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-11-27 03:38 . 2010-11-27 03:38 -------- d-----w- c:\program files\CyberLink
    2010-11-27 03:38 . 2010-11-27 03:46 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-11-27 03:36 . 2010-11-27 03:19 -------- d-----w- c:\documents and settings\Default User\WINDOWS
    2010-11-27 03:35 . 2010-11-27 03:35 -------- d-----w- c:\program files\CONEXANT
    2010-11-27 03:35 . 2004-08-04 07:08 17024 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2010-11-27 03:24 . 2010-11-27 03:54 -------- d-----w- c:\windows\creator
    2010-11-27 03:22 . 2001-08-17 22:36 102457 ----a-w- c:\windows\system32\usrv42a.dll
    2010-11-27 03:21 . 2004-08-04 00:56 35328 ----a-w- c:\windows\system32\pid.dll
    2010-11-27 03:20 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
    2010-11-27 00:01 . 2010-11-27 03:14 -------- d-----w- C:\My Backup -- 10-11-26 0501PM
    2010-11-26 05:51 . 2010-11-27 03:11 -------- d-----w- C:\My Backup -- 10-11-25 1051PM
    2010-11-26 01:05 . 2010-11-27 03:09 -------- d-----w- C:\My Backup -- 10-11-25 0605PM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-11-27 1242448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
    "CHotkey"="zHotkey.exe" [2004-12-09 550912]
    "HostManager"="c:\program files\Common Files\AOL\1290829611\EE\AOLHostManager.exe" [2004-11-03 125528]
    "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
    "RTHDCPL"="RTHDCPL.EXE" [2005-11-09 15473664]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-27 98304]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
    "nwiz"="nwiz.exe" [2009-01-15 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2010-11-26 2168360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:e82eaa99b39

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1290829611\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/26/2010 8:27 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/26/2010 8:27 PM 17744]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 8:27 PM 136176]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 04:27]

    2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 04:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Owner.YOUR-A5747C8268\Application Data\Mozilla\Firefox\Profiles\i1ag7lk2.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    Completion time: 2010-11-27 21:03:06
    ComboFix-quarantined-files.txt 2010-11-28 05:03

    Pre-Run: 226,240,909,312 bytes free
    Post-Run: 226,202,972,160 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 90AF4D4406E4BC4974E5EDDC88A97FAC
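The "Reg Loading Points" section of the ComboFix log above (the REGEDIT4 block with the Run keys, BootExecute and the firewall policy) is the part a responder reads first when checking persistence. The script below is an added example for this thread, not code from ComboFix or from anyone in it: it parses that block offline and applies three checks a defender makes by eye when reading such a log, namely Run values ComboFix could not resolve (marked [X]), Run values that are a bare filename rather than a full path (so the file is located through the search path at logon), and a Windows Firewall standard profile that is switched off. The sample input is constructed from entries shown in the log above; the "drive letter or %VAR% prefix" rule for what counts as a full path is the script's own assumption. Note that the Reminder entry (Remind_XP.exe) carries a full path and a file date, so these heuristics do not flag it; whether an autostart entry is wanted on a given machine is a separate judgment the parser does not make.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for the thread, not code from ComboFix or from TechSpot.
It parses the REGEDIT4-style block ComboFix writes and flags:
  * Run-key values ComboFix could not resolve to a file (marked [X]);
  * Run-key values that are a bare filename rather than a full path, so the
    file is found through the search path at logon and a same-named file
    earlier on that path would be started instead;
  * a Windows Firewall standard profile that is switched off.
SAMPLE_LOG is constructed from entries shown in the thread's log.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-27 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-09 15473664]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run$', re.IGNORECASE)
# Assumption of this script: "c:\..." or "%SystemRoot%\..." is an explicit location.
FULL_PATH_RE = re.compile(r'^(?:[a-z]:\\|%[^%]+%\\)', re.IGNORECASE)


@dataclass
class Entry:
    key: str    # registry key the value lives under
    name: str   # value name, e.g. "Reminder"
    data: str   # value data with quotes stripped, e.g. a path or "0"
    note: str   # ComboFix's trailer: "[X]", "[2005-02-26 966656]", "(0x0)" or ""


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the REGEDIT4 block and return one Entry per value line."""
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        rest = m.group('rest').strip()
        if rest.startswith('"'):
            # quoted string data followed by ComboFix's bracketed trailer
            end = rest.find('"', 1)
            data, note = rest[1:end], rest[end + 1:].strip()
        else:
            # unquoted DWORD data such as: 0 (0x0)
            data, _, note = rest.partition(' ')
            note = note.strip()
        entries.append(Entry(key, m.group('name'), data, note))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (value name, reason) pairs for entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if RUN_KEY_RE.search(e.key):
            if e.note == '[X]':
                findings.append((e.name, 'target could not be resolved (marked [X]): ' + e.data))
            elif not FULL_PATH_RE.match(e.data):
                findings.append((e.name, 'bare filename, located via the search path at logon: ' + e.data))
        elif (e.key.lower().endswith('firewallpolicy\\standardprofile')
              and e.name == 'EnableFirewall' and e.data == '0'):
            findings.append((e.name, 'Windows Firewall standard profile is disabled'))
    return findings


if __name__ == '__main__':
    for name, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{name}: {reason}')
```

Run against the constructed sample it reports Power2GoExpress, CHotkey, RTHDCPL and EnableFirewall and stays silent on Steam and Reminder; pointing it at a saved C:\ComboFix.txt only needs the file's text in place of SAMPLE_LOG, since the section header lines that do not look like `[key]` or `"name"=...` are ignored.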
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    The log looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
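A small triage helper for the OTL.txt that the steps above produce, added here as an example; it is not part of OTL, of OldTimer's tooling or of the helper's instructions. It assumes the O4 and O20 line layouts exactly as they appear in the OTL 3.2 log posted in this thread (`O4 - HKLM..\Run: [name] path (company)`, `File not found` for a dangling value, and `O20 - HKLM Winlogon: Shell - (value) - path (company)`), and it reads OTL's empty parentheses the way a helper does: the binary carries no company name in its version resource. The sample lines are copied from the log in this thread, not constructed; the default `system_root` of `C:\WINDOWS` is taken from the log header.

```python
r"""Triage the O4 autostart and O20 Winlogon Shell lines of an OTL.txt log.

Added example, not OTL's own code. Layouts handled (as seen in OTL 3.2 logs):
    O4 - HKLM..\Run: [value name] <target path> (<company from version info>)
    O4 - HKCU..\Run: [value name] File not found
    O20 - HKLM Winlogon: Shell - (<registry value>) - <resolved path> (<company>)
An empty "()" means the file has no company name in its version resource.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the OTL.txt posted in this thread, trimmed to the
# autostart section this example is about.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# "<path> (<company>)": the company group is empty when OTL printed "()".
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
SHELL_RE = re.compile(
    r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$"
)


@dataclass
class RunEntry:
    hive: str
    name: str
    path: Optional[str]     # None when OTL reported "File not found"
    company: Optional[str]  # "" when the version resource has no company name


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Pull every O4 ..\Run value out of an OTL log."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, rest = m.group("hive"), m.group("name"), m.group("rest")
        if rest == "File not found":
            entries.append(RunEntry(hive, name, None, None))
            continue
        t = TARGET_RE.match(rest)
        if not t:
            # Unknown layout: keep the raw text rather than guess at it.
            entries.append(RunEntry(hive, name, rest, None))
            continue
        entries.append(RunEntry(hive, name, t.group("path"), t.group("company")))
    return entries


def triage_run_entries(entries: List[RunEntry], system_root: str = r"C:\WINDOWS") -> List[Tuple[str, str]]:
    """Return (value name, reason) for the entries a helper would look at first:
    dangling values, and binaries with no company name, which matter most when
    they sit under %SystemRoot% where nearly everything legitimate is branded."""
    root = system_root.lower()
    findings = []
    for e in entries:
        if e.path is None:
            findings.append((e.name, "target missing: stale autostart, safe to remove"))
        elif e.company == "":
            where = "inside" if e.path.lower().startswith(root) else "outside"
            findings.append((e.name, f"no company name in version info, {where} %SystemRoot%: check hash and signature"))
    return findings


def winlogon_shell_ok(log_text: str, system_root: str = r"C:\WINDOWS") -> Optional[bool]:
    """True when the Winlogon Shell value is the stock Explorer.exe resolved to
    %SystemRoot%\explorer.exe, False when anything else is registered, None when
    the log carries no O20 Shell line."""
    expected = ntpath.join(system_root, "explorer.exe").lower()
    for line in log_text.splitlines():
        m = SHELL_RE.match(line.strip())
        if m:
            value_ok = m.group("value").lower() == "explorer.exe"
            path_ok = m.group("path").lower() == expected
            return value_ok and path_ok
    return None


if __name__ == "__main__":
    for name, reason in triage_run_entries(parse_run_entries(SAMPLE_LOG)):
        print(f"[{name}] {reason}")
    print("Winlogon Shell is stock Explorer:", winlogon_shell_ok(SAMPLE_LOG))
```

Run against the posted log it flags the dangling Power2GoExpress value and the four unbranded autostarts (zHotkey.exe, nwiz.exe and Recguard.exe under %SystemRoot%, the AOL scheduler outside it); being flagged only means "verify", since OEM tools such as Gateway's hotkey daemon routinely ship without a company field.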
  8. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    OTL.txt Part 1

    Computer's doing great! Although I've been getting the Generic Host Process for Win32 Services error, I didn't want to mention it in this thread because my friend (the one who calls you god-tier :) ) advised me to upgrade to SP3. I no longer get the Remind_xp.exe pop-up. Thanks a lot!

    OTL:
    OTL logfile created on: 11/27/2010 9:56:51 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 430.00 Mb Available Physical Memory | 42.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 227.51 Gb Total Space | 210.61 Gb Free Space | 92.57% Space Free | Partition Type: NTFS
    Drive H: | 5.36 Gb Total Space | 2.11 Gb Free Space | 39.34% Space Free | Partition Type: FAT32
    Drive J: | 1.86 Gb Total Space | 1.11 Gb Free Space | 59.77% Space Free | Partition Type: FAT

    Computer Name: YOUR-A5747C8268 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/27 21:54:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads\OTL.exe
    PRC - [2010/11/26 20:34:53 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
    PRC - [2010/11/26 19:51:17 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2005/12/09 18:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
    PRC - [2005/10/11 12:47:58 | 002,168,360 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
    PRC - [2004/12/08 17:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
    PRC - [2004/11/03 13:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1290829611\EE\AOLHostManager.exe
    PRC - [2004/11/03 13:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1290829611\EE\AOLServiceHost.exe
    PRC - [2004/10/20 06:40:04 | 000,010,328 | ---- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    PRC - [2004/10/15 12:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    PRC - [2004/08/10 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/27 21:54:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads\OTL.exe
    MOD - [2004/08/10 11:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2001/07/02 20:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/26 19:51:17 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2004/10/20 06:40:04 | 000,010,328 | ---- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/11/09 10:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
    DRV - [2005/07/28 10:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/28 10:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/03/16 16:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/03/16 16:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2005/03/16 16:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/11/10 17:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/11/10 17:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/08/10 11:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2004/08/10 11:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2004/08/10 11:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2004/08/10 11:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2004/08/10 11:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2004/08/10 11:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2004/08/10 11:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2004/08/10 11:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2004/08/10 11:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2004/08/10 11:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2004/08/10 11:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2004/08/10 11:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2004/08/10 11:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2004/08/10 11:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2004/08/10 11:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2004/08/03 15:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/03 15:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2003/01/10 13:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/26 20:53:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 20:26:01 | 000,000,000 | ---D | M]

    [2010/11/26 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Mozilla\Extensions
    [2010/11/26 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Mozilla\Firefox\Profiles\i1ag7lk2.default\extensions
    [2010/11/26 20:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/11/27 21:01:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1290829611\EE\AOLHostManager.exe (America Online, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
    O4 - HKCU..\Run: [Power2GoExpress] File not found
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/06/17 01:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (aswBoot.exe /M:e82eaa99b39) - C:\WINDOWS\System32\aswBoot.exe (AVAST Software)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/27 20:55:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/27 20:38:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/27 20:38:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/27 20:38:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/27 20:38:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/27 20:38:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/27 20:38:43 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/11/27 20:38:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/27 17:32:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/11/27 17:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/11/27 16:54:33 | 001,342,552 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\TDSSKiller.exe
    [2010/11/27 16:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\WinRAR
    [2010/11/27 16:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/11/27 13:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/11/27 12:51:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\My Videos
    [2010/11/27 12:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/11/27 11:30:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/11/27 11:29:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/27 11:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/27 10:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Malwarebytes
    [2010/11/27 10:53:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/27 10:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/27 10:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads
    [2010/11/27 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/11/27 10:39:52 | 002,963,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ccsetup301.exe
    [2010/11/26 21:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
    [2010/11/26 21:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\HLDJ
    [2010/11/26 21:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
    [2010/11/26 21:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Illustrate
    [2010/11/26 21:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III
    [2010/11/26 21:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/11/26 21:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/11/26 21:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/11/26 21:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
    [2010/11/26 21:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
    [2010/11/26 21:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/11/26 21:20:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
    [2010/11/26 21:18:35 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2010/11/26 20:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Mozilla
    [2010/11/26 20:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Mozilla
    [2010/11/26 20:37:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/11/26 20:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Macromedia
    [2010/11/26 20:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Adobe
    [2010/11/26 20:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
    [2010/11/26 20:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Temp
    [2010/11/26 20:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Google
    [2010/11/26 20:27:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/11/26 20:27:10 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/11/26 20:27:09 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/11/26 20:27:09 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/11/26 20:27:08 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/11/26 20:27:08 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/11/26 20:27:07 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/11/26 20:26:56 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/11/26 20:26:55 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/11/26 20:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/11/26 20:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/11/26 20:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/11/26 20:17:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft
    [2010/11/26 20:17:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Cookies
    [2010/11/26 20:17:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\SendTo
    [2010/11/26 20:17:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Recent
    [2010/11/26 20:17:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data
    [2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Start Menu
    [2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\My Pictures
    [2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\My Music
    [2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents
    [2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Favorites
    [2010/11/26 20:17:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Templates
    [2010/11/26 20:17:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\PrintHood
    [2010/11/26 20:17:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\NetHood
    [2010/11/26 20:17:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\You've Got Pictures Screensaver
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\WINDOWS
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Wildtangent
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\SampleView
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Microsoft
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Identities
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\ApplicationHistory
    [2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
    [2010/11/26 20:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
    [2010/11/26 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\gtw_logo
    [2010/11/26 19:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/11/26 19:51:20 | 000,741,376 | ---- | C] (New Boundary Technologies, Inc.) -- C:\WINDOWS\System32\BigFixSuppress.exe
    [2010/11/26 19:51:20 | 000,741,376 | ---- | C] (New Boundary Technologies, Inc.) -- C:\WINDOWS\System32\BigFixShortcutInStartup.exe
    [2010/11/26 19:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\AMD Live!
    [2010/11/26 19:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2006
    [2010/11/26 19:49:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
    [2010/11/26 19:49:11 | 002,807,808 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
    [2010/11/26 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010/11/26 19:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/11/26 19:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
    [2010/11/26 19:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
    [2010/11/26 19:47:43 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
    [2010/11/26 19:47:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
    [2010/11/26 19:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/11/26 19:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
    [2010/11/26 19:47:34 | 000,000,000 | ---D | C] -- C:\My Music
    [2010/11/26 19:47:30 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/26 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2010/11/26 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
    [2010/11/26 19:47:23 | 000,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
    [2010/11/26 19:47:23 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
    [2010/11/26 19:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/11/26 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
    [2010/11/26 19:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
    [2010/11/26 19:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
    [2010/11/26 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AolCoach
    [2010/11/26 19:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
    [2010/11/26 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
    [2010/11/26 19:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
    [2010/11/26 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\America Online 9.0
    [2010/11/26 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
    [2010/11/26 19:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
    [2010/11/26 19:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/11/26 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Napster
    [2010/11/26 19:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 2006
    [2010/11/26 19:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/11/26 19:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/11/26 19:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/11/26 19:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/11/26 19:43:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
    [2010/11/26 19:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent
    [2010/11/26 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gateway Games
    [2010/11/26 19:43:16 | 000,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
    [2010/11/26 19:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/11/26 19:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/11/26 19:42:38 | 000,094,208 | ---- | C] (Gateway Inc.) -- C:\WINDOWS\System32\bae.dll
    [2010/11/26 19:42:31 | 000,013,352 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
    [2010/11/26 19:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
    [2010/11/26 19:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
    [2010/11/26 19:41:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/11/26 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
    [2010/11/26 19:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/11/26 19:39:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2010/11/26 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/11/26 19:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/11/26 19:39:23 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/11/26 19:38:26 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2010/11/26 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
    [2010/11/26 19:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010/11/26 19:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2010/11/26 19:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2010/11/26 19:33:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/11/26 19:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\creator
    [2010/11/26 19:23:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SMINST
    [2010/11/26 19:23:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386
    [2010/11/26 16:01:40 | 000,000,000 | ---D | C] -- C:\My Backup -- 10-11-26 0501PM
    [2010/11/25 21:51:24 | 000,000,000 | ---D | C] -- C:\My Backup -- 10-11-25 1051PM
    [2010/11/25 17:05:45 | 000,000,000 | ---D | C] -- C:\My Backup -- 10-11-25 0605PM

    ========== Files - Modified Within 30 Days ==========

    [2010/11/27 21:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/27 21:01:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/27 20:55:25 | 000,000,314 | RHS- | M] () -- C:\boot.ini
    [2010/11/27 20:37:34 | 003,981,232 | R--- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ComboFix.exe
    [2010/11/27 20:32:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/27 16:56:52 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/11/27 16:56:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/27 16:56:46 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/27 16:54:25 | 001,228,013 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\tdsskiller.zip
    [2010/11/27 12:51:01 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/11/27 12:51:01 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Windows Media Player.lnk
    [2010/11/27 11:29:22 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/27 10:43:47 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/27 10:39:55 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ccsetup301.exe
    [2010/11/26 21:38:13 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Counter-Strike Source.url
    [2010/11/26 21:33:12 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2010/11/26 21:32:16 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Internet.lnk
    [2010/11/26 21:10:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/26 20:33:13 | 001,588,224 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\SteamInstall.msi
    [2010/11/26 20:27:52 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/11/26 20:27:52 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/26 20:27:10 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/26 20:27:08 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/11/26 20:26:36 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\setup_av_free.exe
    [2010/11/26 20:26:04 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/26 20:26:04 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/11/26 20:17:32 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/26 20:17:25 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/11/26 20:17:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/26 20:17:02 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/11/26 20:04:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/26 20:01:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Gateway_GT5220__GCN6911003678.MRK
    [2010/11/26 20:01:18 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
    [2010/11/26 20:00:55 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
    [2010/11/26 20:00:54 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
    [2010/11/26 20:00:09 | 000,000,000 | ---- | M] () -- C:\REQUEST_OEMRESET_ENDUSER
    [2010/11/26 19:59:24 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/26 19:57:06 | 000,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/26 19:57:06 | 000,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/26 19:56:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/11/26 19:54:48 | 000,000,521 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
    [2010/11/26 19:48:06 | 000,001,211 | -H-- | M] () -- C:\IPH.PH
    [2010/11/26 19:48:05 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Trial Membership Included!.lnk
    [2010/11/26 19:48:05 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
    [2010/11/26 19:47:41 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/11/26 19:47:30 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/26 19:46:43 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/11/26 19:45:45 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Pix11.dat
    [2010/11/26 19:45:08 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
    [2010/11/26 19:45:05 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
    [2010/11/26 19:42:31 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    [2010/11/26 19:40:35 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/11/26 19:38:12 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
    [2010/11/26 19:36:38 | 000,000,002 | RHS- | M] () -- C:\USER
    [2010/11/26 19:25:15 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2010/11/26 15:40:16 | 001,342,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\TDSSKiller.exe
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

    ========== Files Created - No Company Name ==========
     
  9. BlazinGhost


    OTL.txt Part 2

    [2010/11/27 20:55:25 | 000,000,199 | ---- | C] () -- C:\Boot.bak
    [2010/11/27 20:55:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/27 20:38:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/27 20:38:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/27 20:38:49 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/27 20:38:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/27 20:38:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/27 20:31:42 | 003,981,232 | R--- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ComboFix.exe
    [2010/11/27 16:54:18 | 001,228,013 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\tdsskiller.zip
    [2010/11/27 12:51:01 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/11/27 12:28:45 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/27 11:29:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/27 10:43:47 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/26 21:38:13 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Counter-Strike Source.url
    [2010/11/26 21:32:16 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Internet.lnk
    [2010/11/26 21:20:30 | 000,206,530 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/11/26 21:20:27 | 000,018,725 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
    [2010/11/26 20:45:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/26 20:34:26 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2010/11/26 20:33:22 | 001,588,224 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\SteamInstall.msi
    [2010/11/26 20:27:52 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/11/26 20:27:52 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/26 20:27:16 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/26 20:27:15 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/26 20:27:10 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/26 20:26:28 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\setup_av_free.exe
    [2010/11/26 20:26:04 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/26 20:26:04 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/11/26 20:17:27 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Windows Media Player.lnk
    [2010/11/26 20:17:17 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
    [2010/11/26 20:17:17 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/11/26 20:17:17 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/26 20:17:17 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
    [2010/11/26 20:17:17 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/11/26 20:17:17 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
    [2010/11/26 20:17:17 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/11/26 20:04:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/26 20:01:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Gateway_GT5220__GCN6911003678.MRK
    [2010/11/26 20:01:18 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
    [2010/11/26 20:00:54 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
    [2010/11/26 20:00:52 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
    [2010/11/26 19:51:24 | 001,239,209 | ---- | C] () -- C:\WINDOWS\System32\gtw_logo.scr
    [2010/11/26 19:51:24 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
    [2010/11/26 19:51:24 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\gtw.ico
    [2010/11/26 19:51:18 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AMD Live!.url
    [2010/11/26 19:50:22 | 000,003,632 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
    [2010/11/26 19:50:22 | 000,001,864 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
    [2010/11/26 19:50:07 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2010/11/26 19:50:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2010/11/26 19:48:05 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Trial Membership Included!.lnk
    [2010/11/26 19:46:43 | 000,001,211 | -H-- | C] () -- C:\IPH.PH
    [2010/11/26 19:46:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/11/26 19:46:04 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
    [2010/11/26 19:46:04 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
    [2010/11/26 19:46:04 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
    [2010/11/26 19:46:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
    [2010/11/26 19:46:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
    [2010/11/26 19:46:04 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
    [2010/11/26 19:46:04 | 000,005,280 | ---- | C] () -- C:\WINDOWS\hotbtnv.vxd
    [2010/11/26 19:46:04 | 000,004,223 | ---- | C] () -- C:\WINDOWS\mHotkey.reg
    [2010/11/26 19:45:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
    [2010/11/26 19:42:38 | 000,002,238 | ---- | C] () -- C:\WINDOWS\System32\32-aol.ico
    [2010/11/26 19:42:38 | 000,001,406 | ---- | C] () -- C:\WINDOWS\System32\16-aol.ico
    [2010/11/26 19:42:31 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    [2010/11/26 19:40:37 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\60 day trial - Office 2003.exe
    [2010/11/26 19:40:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/11/26 19:38:21 | 000,051,656 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.bmp
    [2010/11/26 19:38:12 | 000,000,002 | ---- | C] () -- C:\AUDIT_INSTALL_IN_PROGRESS
    [2010/11/26 19:36:38 | 000,000,002 | RHS- | C] () -- C:\USER
    [2010/11/26 19:36:38 | 000,000,000 | ---- | C] () -- C:\REQUEST_OEMRESET_ENDUSER
    [2010/11/26 19:25:15 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2010/11/26 19:23:41 | 000,133,221 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
    [2010/11/26 19:21:32 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
    [2009/01/15 08:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/01/15 08:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/01/15 08:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/01/15 08:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2006/10/26 12:55:46 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2006/10/26 12:53:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2006/06/21 01:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/17 01:24:58 | 000,001,276 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/06/17 01:24:57 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2006/06/16 18:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 20:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/11/26 20:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/11/26 19:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/11/26 19:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/11/26 19:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/11/26 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\SampleView

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/26 19:38:12 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
    [2006/06/17 01:41:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/07/05 13:13:45 | 000,000,199 | ---- | M] () -- C:\Boot.bak
    [2010/11/27 20:55:25 | 000,000,314 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/27 21:03:06 | 000,015,235 | ---- | M] () -- C:\ComboFix.txt
    [2006/06/17 01:41:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/27 16:56:46 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2006/06/17 01:41:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/11/26 19:48:06 | 000,001,211 | -H-- | M] () -- C:\IPH.PH
    [2006/06/17 01:41:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/10 11:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/11/27 16:56:46 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/26 19:39:12 | 000,000,090 | ---- | M] () -- C:\powerdvd.log
    [2010/11/26 20:00:09 | 000,000,000 | ---- | M] () -- C:\REQUEST_OEMRESET_ENDUSER
    [2010/11/27 16:55:53 | 000,046,196 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_27.11.2010_16.55.09_log.txt
    [2010/11/26 19:36:38 | 000,000,002 | RHS- | M] () -- C:\USER

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 11:00:00 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/06/16 18:30:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/06/16 18:30:11 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/06/16 18:30:11 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2006/06/17 01:41:25 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/26 20:17:32 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/06/17 01:46:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/26 21:16:41 | 075,837,104 | ---- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\181.22_geforce_winxp_32bit_english_whql.exe
    [2010/11/27 10:39:55 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ccsetup301.exe
    [2010/11/27 20:37:34 | 003,981,232 | R--- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ComboFix.exe
    [2010/11/26 20:21:26 | 008,567,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Firefox Setup 3.6.12.exe
    [2010/11/26 20:26:36 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\setup_av_free.exe
    [2010/11/26 15:40:16 | 001,342,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/26 20:17:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/27 21:55:10 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 11:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/10 11:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 07:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 07:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004/08/04 07:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 07:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 15:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 07:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 07:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 07:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 07:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 07:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  10. BlazinGhost


    Extras.txt

    OTL Extras logfile created on: 11/27/2010 9:56:51 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 430.00 Mb Available Physical Memory | 42.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 227.51 Gb Total Space | 210.61 Gb Free Space | 92.57% Space Free | Partition Type: NTFS
    Drive H: | 5.36 Gb Total Space | 2.11 Gb Free Space | 39.34% Space Free | Partition Type: FAT32
    Drive J: | 1.86 Gb Total Space | 1.11 Gb Free Space | 59.77% Space Free | Partition Type: FAT

    Computer Name: YOUR-A5747C8268 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
    "C:\Program Files\Common Files\AOL\1290829611\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1290829611\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
    "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
    "{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
    "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOL Spyware Protection" = AOL Spyware Protection
    "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
    "AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
    "avast5" = avast! Free Antivirus
    "BigFix" = BigFix
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
    "Gateway Game Console" = Gateway Game Console
    "Google Chrome" = Google Chrome
    "gtw_logo" = gtw_logo
    "InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Money2006b" = Microsoft Money 2006
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "NVIDIA Drivers" = NVIDIA Drivers
    "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
    "Port Magic" = Pure Networks Port Magic
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "Steam App 240" = Counter-Strike: Source
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WGA" = Windows Genuine Advantage Validation Tool
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WinRAR archiver" = WinRAR 4.00 beta 2 (32-bit)
    "WT010646" = Bejeweled 2 Deluxe
    "WT010647" = Blackhawk Striker 2
    "WT010648" = Blasterball 2 Revolution
    "WT010649" = Diner Dash
    "WT010650" = FATE
    "WT010651" = Penguins!
    "WT010654" = SCRABBLE
    "WT010655" = Tradewinds
    "WT010660" = Polar Bowler
    "WT010661" = Polar Golfer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/27/2010 7:04:08 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/27/2010 7:04:08 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/27/2010 7:04:15 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
    module mshtml.dll, version 6.0.2900.2912, fault address 0x0007ae88.

    Error - 11/27/2010 7:16:01 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
    Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
    remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.

    Error - 11/27/2010 8:48:32 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
    Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
    remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.

    Error - 11/27/2010 8:49:27 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 11/27/2010 8:49:27 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/27/2010 8:51:00 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 11/27/2010 8:51:00 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/27/2010 8:52:27 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
    Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
    remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.

    [ System Events ]
    Error - 11/27/2010 6:46:53 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
    Description = The AOL Connectivity Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 11/27/2010 6:46:54 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7031
    Description = The AOL TopSpeed Monitor service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 11/27/2010 6:47:29 PM | Computer Name = YOUR-A5747C8268 | Source = DCOM | ID = 10010
    Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
    with DCOM within the required timeout.

    Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor
    service to connect.

    Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
    Description = The McAfee SpamKiller Server service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
    Description = The PrismXL service terminated unexpectedly. It has done this 1 time(s).

    Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
    Description = The McAfee Task Scheduler service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
    Description = The McAfee WSC Integration service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Personal Firewall Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Run the configured recovery program.


    < End of report >
     
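    The report above is long, and the items a responder checks first are easy to miss among the uninstall list and the AOL firewall exceptions: the Standard profile shows "EnableFirewall" = 0, UDP 1900 (UPnP) is globally open to the local subnet, and the Application event log shows the same executable faulting three times at the same address. The following Python script is an added example for this thread, not OTL's own code and not something the original poster or Broni ran; it parses the [HKEY...] sections of an OTL report into a dict, applies a small rule table for weakened settings, and groups Event ID 1000 crashes by faulting application, module and address. SAMPLE is a constructed excerpt modelled on the posted log, and the rule thresholds are my own choices.

```python
"""Added example for this thread (not OTL's own code, not from the original
post): a triage pass over an OTL report.  Parses the [HKEY...] sections into
a dict, applies a small rule table (firewall off, System Restore off,
Security Center alerts suppressed, globally open ports) and groups Event ID
1000 crashes by app/module/address so a process that keeps dying at one
address stands out.  SAMPLE is a constructed excerpt modelled on the log."""
import re
from collections import Counter

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
EVENT_RE = re.compile(r"^Error - .*?\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
FAULT_RE = re.compile(
    r"Faulting application (?P<app>[^,\s]+), version \S+, faulting module "
    r"(?P<module>[^,\s]+), version \S+, fault address (?P<addr>0x[0-9a-fA-F]+)")

SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SR = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
FW = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
      r"\Parameters\FirewallPolicy\StandardProfile")


def parse_registry(text):
    """Map every [HKEY...] section of the report to its {name: value} pairs."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys


def weak_settings(keys):
    """Return human-readable findings for settings that weaken the host."""
    findings = []
    if keys.get(FW, {}).get("EnableFirewall") == "0":
        findings.append("Windows Firewall disabled (StandardProfile EnableFirewall = 0)")
    if keys.get(SR, {}).get("DisableSR") == "1":
        findings.append("System Restore disabled (DisableSR = 1)")
    for name in ("AntiVirusOverride", "FirewallOverride",
                 "AntiVirusDisableNotify", "FirewallDisableNotify"):
        if keys.get(SC, {}).get(name) == "1":
            findings.append(f"Security Center {name} = 1 (warnings suppressed)")
    # GloballyOpenPorts values look like port:proto:scope:Enabled:description
    for port, spec in keys.get(FW + r"\GloballyOpenPorts\List", {}).items():
        scope = spec.split(":")[2] if spec.count(":") >= 3 else "?"
        if ":Enabled:" in spec:
            findings.append(f"globally open port {port}, scope {scope}")
    return findings


def repeated_faults(text, min_count=2):
    """Count Event ID 1000 crashes per (app, module, address).  OTL wraps the
    description over two lines, so whitespace is collapsed before matching."""
    counts = Counter()
    for m in FAULT_RE.finditer(" ".join(text.split())):
        counts[(m["app"], m["module"], m["addr"])] += 1
    return [(k, n) for k, n in counts.most_common() if n >= min_count]


def error_sources(text):
    """Count event log errors per (source, event id)."""
    counts = Counter()
    for line in text.splitlines():
        if m := EVENT_RE.match(line.strip()):
            counts[(m["source"].strip(), int(m["id"]))] += 1
    return counts


# Constructed excerpt modelled on the posted report (not the full log).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
[ Application Events ]
Error - 11/27/2010 7:04:08 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
Error - 11/27/2010 7:04:15 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module mshtml.dll, version 6.0.2900.2912, fault address 0x0007ae88.
Error - 11/27/2010 7:16:01 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.
Error - 11/27/2010 8:48:32 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.
"""

if __name__ == "__main__":
    for finding in weak_settings(parse_registry(SAMPLE)):
        print("WEAK:", finding)
    for (app, mod, addr), n in repeated_faults(SAMPLE):
        print(f"CRASH x{n}: {app} in {mod} at {addr}")
```

    Run against the full report the same way (read the file, pass its text to the three functions). Matching is deliberately on the Standard profile key only, because that is the profile XP uses off-domain; a Domain profile entry would need its own rule.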
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    Update your Java version: http://java.com/en/download/index.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java installations...

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, CompuServe, etc.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2005/10/11 12:47:58 | 002,168,360 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O4 - HKCU..\Run: [Power2GoExpress] File not found
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\BigFix
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =======================================================

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    ========================================================

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  12. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    I'm having trouble finding your "Un-check Remove found threats before clicking Start" instruction; I can't find it.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go ahead anyway.
     
  14. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    Sigh. I found the "Remove found threats" box and unchecked it, but after the scan finished it said no threat was found, and then the only option was to uninstall the application. No option to list found threats or export to a text file.

    Here are the Logs for now

    OTL:


    All processes killed
    ========== OTL ==========
    No active process named bigfix.exe was found!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk moved successfully.
    C:\Program Files\BigFix\bigfix.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\BigFix\__Data\__Global\Logs folder moved successfully.
    C:\Program Files\BigFix\__Data\__Global folder moved successfully.
    C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp folder moved successfully.
    C:\Program Files\BigFix\__Data\BigFix\__Local\Get folder moved successfully.
    C:\Program Files\BigFix\__Data\BigFix\__Local folder moved successfully.
    C:\Program Files\BigFix\__Data\BigFix\__Download folder moved successfully.
    C:\Program Files\BigFix\__Data\BigFix folder moved successfully.
    C:\Program Files\BigFix\__Data folder moved successfully.
    C:\Program Files\BigFix\Lib\Inspectors folder moved successfully.
    C:\Program Files\BigFix\Lib folder moved successfully.
    C:\Program Files\BigFix folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Owner.YOUR-A5747C8268
    ->Temp folder emptied: 9339942 bytes
    ->Temporary Internet Files folder emptied: 107727 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 18676773 bytes
    ->Google Chrome cache emptied: 79983553 bytes
    ->Flash cache emptied: 1653 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 103.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Owner.YOUR-A5747C8268
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11272010_222345

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    Checkup.txt:


    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 7.0
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
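    The fix log above is the only evidence that the script from the previous reply did what it was asked: each target shows up as "deleted successfully" or "moved successfully", the CLSID key is reported "not found" (expected, since the toolbar entry had no CLSID value), and one file is still "scheduled to be moved on reboot". Checking that by eye works for five items, but not for a long script. The following Python script is an added example for this thread, not OTL's own code and not something either participant ran; it pulls one identifying token from each :OTL and :Files item (the process path, the CLSID, the Run value name, the startup .lnk path, the folder) and searches the log for a line reporting that target handled, so an item the fix silently skipped cannot pass as done. SCRIPT and LOG are constructed excerpts modelled on the two posts.

```python
"""Added example for this thread (not OTL's own code, not from the original
post): cross-check an OTL fix script against the log the fix produced.  One
identifying token is taken from each :OTL / :Files item and the log is
searched for a line that reports that target deleted or moved.  Paths only
"scheduled to be moved on reboot" are reported separately, because the fix
is not final until the machine has rebooted.  SCRIPT and LOG are constructed
excerpts modelled on the posts above."""
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")
REBOOT_RE = re.compile(r"File move failed\. (.+?) scheduled to be moved on reboot")


def script_targets(script):
    """Yield one identifying token per actionable :OTL or :Files line."""
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
        elif section == ":files":
            yield line
        elif section == ":otl":
            if line.startswith("PRC - "):           # running process: path after ' -- '
                yield line.rsplit(" -- ", 1)[1]
            elif line.startswith("O3 - "):          # toolbar entry: its CLSID
                yield GUID_RE.search(line).group(0)
            elif line.startswith("O4 - Startup:"):  # startup-folder shortcut path
                yield line.split(": ", 1)[1].split(" = ", 1)[0]
            elif line.startswith("O4 - "):          # Run value: the [name]
                yield RUN_NAME_RE.search(line).group(1)


def check_fix(script, log):
    """Map each script target to 'handled', 'not found' or 'no log entry'."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    result = {}
    for token in script_targets(script):
        hits = [l for l in lines if token.lower() in l.lower()]
        if any("successfully" in l for l in hits):
            result[token] = "handled"
        elif any("not found" in l for l in hits):
            result[token] = "not found"
        else:
            result[token] = "no log entry"
    return result


def pending_on_reboot(log):
    """Paths OTL could not move yet; verify them again after the reboot."""
    return REBOOT_RE.findall(log)


# Constructed excerpts modelled on the fix script and the resulting log.
SCRIPT = r"""
:OTL
PRC - [2005/10/11 12:47:58 | 002,168,360 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
:Files
C:\Program Files\BigFix
:Commands
[emptytemp]
[Reboot]
"""

LOG = r"""
All processes killed
========== OTL ==========
No active process named bigfix.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk moved successfully.
C:\Program Files\BigFix\bigfix.exe moved successfully.
========== FILES ==========
C:\Program Files\BigFix\Lib folder moved successfully.
C:\Program Files\BigFix folder moved successfully.
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    for token, status in check_fix(SCRIPT, LOG).items():
        print(f"{status:12} {token}")
    for path in pending_on_reboot(LOG):
        print("PENDING reboot:", path)
```

    A target that comes back as "no log entry" means OTL never reported acting on it and the item should be re-checked in a fresh scan; "not found" on its own (without a matching "successfully" line) usually means the entry was already gone or the script line was mistyped.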
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On the download page, make sure you have both boxes UN-checked AND (important!) click on the Decline button.

    =======================================================================

    You need to update Internet Explorer to at least version 7. Version 6 is obsolete and thus dangerous.
    You need to install Service Pack 3.

    ======================================================================

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  16. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    My computer's working real smooth now: no more error reports, working faster, less delay. It's awesome! Thanks.

    Here the log report for OTL:


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Owner.YOUR-A5747C8268
    ->Temp folder emptied: 431594 bytes
    ->Temporary Internet Files folder emptied: 21689798 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 195937030 bytes
    ->Flash cache emptied: 2660 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 27496771 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3541 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 234.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Owner.YOUR-A5747C8268
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 11282010_130308

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
