TechSpot

Bamital.A Virus Removal

By jackwalsh20
Oct 22, 2010
  1. Alright. Somehow I got a nasty bug on my computer. After scanning with Avast, I found that I had three viruses. They seem to be the same thing, and located at explorer.exe. This virus then tried to do something to my computer, which Avast alerted me to. It said the threat was blocked and that it was named Win32:Bamital.A

    I cannot access normal mode, as explorer.exe doesn't load up, and trying to open it through Task Manager gives me Access Denied.

    I have run OTL, TDSSKiller and MBRCheck all in safe mode. Here are the logs for those.

    Extras.txt


    OTL Extras logfile created on: 22/10/2010 5:41:26 PM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 99.30 Gb Free Space | 53.30% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-9E59318EE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- File not found
    "C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Disabled:Age of Empires II Expansion -- (Microsoft Corporation)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Disabled:LaunchPad -- ()
    "C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe:*:Disabled:_aunchPad -- ()
    "C:\Documents and Settings\Kurt\Desktop\Q3Ademo\quake3.exe" = C:\Documents and Settings\Kurt\Desktop\Q3Ademo\quake3.exe:*:Disabled:quake3 -- File not found
    "C:\Documents and Settings\Kurt\CS Source\hl2.exe" = C:\Documents and Settings\Kurt\CS Source\hl2.exe:*:Disabled:hl2 -- File not found
    "C:\Documents and Settings\Maree\CS Source\hl2.exe" = C:\Documents and Settings\Maree\CS Source\hl2.exe:*:Disabled:hl2 -- File not found
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
    "C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
    "C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
    "C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
    "C:\Documents and Settings\Kurt\Application Data\3c.exe" = C:\Documents and Settings\Kurt\Application Data\3c.exe:*:Enabled:Win32load -- File not found
    "C:\Documents and Settings\Brian\Local Settings\Temp\7zS6.tmp\SymNRT.exe" = C:\Documents and Settings\Brian\Local Settings\Temp\7zS6.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
    "C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
    "C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
    "C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{27CACECD-7452-41A2-B1D5-76B18E79700F}" = Monsters, Inc. Wreck Room Arcade
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
    "{5F82271E-DFBE-405B-9C10-1B4E66C6E12E}" = iPod 2 iPod
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
    "{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
    "{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
    "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B62C3B2A-9FB8-44AA-B58F-FD2CE550E9E3}" = Ultimate Human Body 2
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
    "{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
    "{E02C0C32-1103-42E3-B2B3-1630675B778C}" = Avatar - Legends of The Arena
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
    "84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
    "8ABEA6D4578549FADD34471076DFC5C22976C6D9" = Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
    "Activision_SpaceInvadersUninstallKey" = Space Invaders
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Age of Empires" = Microsoft Age of Empires
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "avast5" = avast! Internet Security
    "BitLord" = BitLord 1.1
    "D-Link VGA Webcam" = D-Link VGA Webcam
    "DVD Flick_is1" = DVD Flick 1.3.0.6
    "DVDFab Platinum_is1" = DVDFab Platinum 3.1.8.0 Ghosthunter release
    "EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
    "FamilyFeudOnlineParty" = FamilyFeudOnlineParty (remove only)
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HeroCodec" = HeroCodec
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InCD!UninstallKey" = InCD
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "JSKR_1.0" = JumpStart Kindergarten Reading v1.0
    "Kinder32" = Fisher-Price® Ready for School Kindergarten
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "MSNINST" = MSN
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PokerStars.net" = PokerStars.net
    "rrm69_32.exe" = Reader Rabbit's Math Ages 6-9
    "Samsung SpeedPlus Driver_is1" = Samsung SpeedPlus Driver
    "The Powerpuff Girls Screensaver" = The Powerpuff Girls Screensaver
    "The Print Shop Suite A 6.0" = The Print Shop® 6.0 Deluxe
    "TTUnin" = BBC Play with the Teletubbies
    "Tux Paint_is1" = Tux Paint 0.9.20
    "VLC media player" = VLC media player 0.9.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "Zoo Vet" = Zoo Vet
    "Zynga Toolbar" = Zynga Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/08/2010 6:31:18 PM | Computer Name = BRIAN-9E59318EE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
    Setup cannot find the required files. Check your connection to the network, or
    CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
    Office\OFFICE11\1033\SETUP.CHM.

    Error - 7/08/2010 12:58:05 AM | Computer Name = BRIAN-9E59318EE | Source = Google Update | ID = 20
    Description =

    Error - 7/08/2010 1:58:05 AM | Computer Name = BRIAN-9E59318EE | Source = Google Update | ID = 20
    Description =

    Error - 7/08/2010 2:58:05 AM | Computer Name = BRIAN-9E59318EE | Source = Google Update | ID = 20
    Description =

    Error - 7/08/2010 3:58:05 AM | Computer Name = BRIAN-9E59318EE | Source = Google Update | ID = 20
    Description =

    Error - 31/08/2010 2:26:59 AM | Computer Name = BRIAN-9E59318EE | Source = Application Hang | ID = 1002
    Description = Hanging application msmsgs.exe, version 4.7.0.3001, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 18/09/2010 6:56:18 AM | Computer Name = BRIAN-9E59318EE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 8/10/2010 3:01:02 AM | Computer Name = BRIAN-9E59318EE | Source = Google Update | ID = 20
    Description =

    Error - 9/10/2010 2:01:01 AM | Computer Name = BRIAN-9E59318EE | Source = Google Update | ID = 20
    Description =

    Error - 19/10/2010 5:27:34 AM | Computer Name = BRIAN-9E59318EE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x000666c6.

    [ System Events ]
    Error - 21/09/2010 4:10:34 AM | Computer Name = BRIAN-9E59318EE | Source = System Error | ID = 1003
    Description = Error code 1000007e, parameter1 c0000005, parameter2 805c0f58, parameter3
    ba4dfc68, parameter4 ba4df964.


    < End of report >

    MBRCheck.txt

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00800005

    Kernel Drivers (total 104):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74C0000 atapi.sys
    0xF74A7000 nvata.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7487000 fltmgr.sys
    0xF7475000 sr.sys
    0xF7647000 PxHelp20.sys
    0xF745E000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7431000 NDIS.sys
    0xF7404000 aswNdis2.sys
    0xF798D000 aswNdis.sys
    0xF7657000 ohci1394.sys
    0xF7667000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBA7E6000 Mup.sys
    0xBA6AE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA69D000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
    0xF774F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xBA679000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7757000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF777F000 \SystemRoot\system32\drivers\Afc.sys
    0xF792B000 \SystemRoot\system32\drivers\iviaspi.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA656000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF778F000 \SystemRoot\System32\Drivers\incdrm.SYS
    0xF7797000 \SystemRoot\System32\DRIVERS\InCDPass.sys
    0xF77A7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF793F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xBA617000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7587000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA606000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77D7000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7993000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xBA4B8000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA7BE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7557000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7547000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF799B000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7817000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF799F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A7E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79A3000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF773F000 \SystemRoot\System32\drivers\vga.sys
    0xBA432000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0xF79A7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF775F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7787000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA786000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xBA3FF000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xBA3A6000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA38F000 \SystemRoot\System32\Drivers\aswFW.SYS
    0xBA369000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA341000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA31F000 \SystemRoot\System32\drivers\afd.sys
    0xF7517000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA2F4000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xBA284000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA766000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF793B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA756000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA54E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA7C2000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA244000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79B5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA44E000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA52E000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AA8000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBFF50000 \SystemRoot\System32\framebuf.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB9F08000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB9C7C000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB9BB8000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB9C18000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 20):
    0 System Idle Process
    4 System
    556 C:\WINDOWS\system32\smss.exe
    868 csrss.exe
    892 C:\WINDOWS\system32\winlogon.exe
    944 C:\WINDOWS\system32\services.exe
    956 C:\WINDOWS\system32\lsass.exe
    1120 C:\WINDOWS\system32\svchost.exe
    1232 svchost.exe
    1384 C:\WINDOWS\system32\svchost.exe
    1460 svchost.exe
    1624 svchost.exe
    144 C:\WINDOWS\explorer.exe
    1468 C:\Program Files\Internet Explorer\iexplore.exe
    1736 C:\Program Files\Internet Explorer\iexplore.exe
    1812 C:\WINDOWS\system32\ctfmon.exe
    2020 C:\Program Files\Internet Explorer\iexplore.exe
    1488 C:\Program Files\Internet Explorer\iexplore.exe
    1548 C:\Program Files\Internet Explorer\iexplore.exe
    1316 C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3200820AS, Rev: 3.AAC

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  2. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    TDSSKiller...txt


    2010/10/22 17:34:48.0828 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/22 17:34:48.0828 ================================================================================
    2010/10/22 17:34:48.0828 SystemInfo:
    2010/10/22 17:34:48.0828
    2010/10/22 17:34:48.0828 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/22 17:34:48.0828 Product type: Workstation
    2010/10/22 17:34:48.0828 ComputerName: BRIAN-9E59318EE
    2010/10/22 17:34:48.0828 UserName: Administrator
    2010/10/22 17:34:48.0828 Windows directory: C:\WINDOWS
    2010/10/22 17:34:48.0828 System windows directory: C:\WINDOWS
    2010/10/22 17:34:48.0828 Processor architecture: Intel x86
    2010/10/22 17:34:48.0828 Number of processors: 2
    2010/10/22 17:34:48.0828 Page size: 0x1000
    2010/10/22 17:34:48.0828 Boot type: Safe boot with network
    2010/10/22 17:34:48.0828 ================================================================================
    2010/10/22 17:34:49.0046 Initialize success
    2010/10/22 17:34:50.0484 ================================================================================
    2010/10/22 17:34:50.0484 Scan started
    2010/10/22 17:34:50.0484 Mode: Manual;
    2010/10/22 17:34:50.0484 ================================================================================
    2010/10/22 17:34:51.0515 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/10/22 17:34:51.0609 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/10/22 17:34:51.0640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/10/22 17:34:51.0703 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/22 17:34:51.0750 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2010/10/22 17:34:51.0781 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
    2010/10/22 17:34:51.0828 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/22 17:34:52.0000 ALCXWDM (36223c0ff66afd94d1d73fcb8fdfe91e) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2010/10/22 17:34:52.0171 AppleCharger (75a8b998eb259dd512f01ea25bec7f3b) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys
    2010/10/22 17:34:52.0234 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/10/22 17:34:52.0406 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/10/22 17:34:52.0468 aswFW (25ace55b10046e9e6e9b148fa7abd3b7) C:\WINDOWS\system32\drivers\aswFW.sys
    2010/10/22 17:34:52.0531 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/10/22 17:34:52.0562 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys
    2010/10/22 17:34:52.0609 aswNdis2 (125febcb61d33b358afc20866b8a9842) C:\WINDOWS\system32\drivers\aswNdis2.sys
    2010/10/22 17:34:52.0656 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/10/22 17:34:52.0703 aswSnx (81f10376af5f0f466f03cb2c5321b7ed) C:\WINDOWS\system32\drivers\aswSnx.sys
    2010/10/22 17:34:52.0750 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/10/22 17:34:52.0828 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/10/22 17:34:52.0859 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/22 17:34:52.0890 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/10/22 17:34:52.0953 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/22 17:34:53.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/22 17:34:53.0093 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/22 17:34:53.0171 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/22 17:34:53.0218 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/10/22 17:34:53.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/22 17:34:53.0328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/22 17:34:53.0375 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/22 17:34:53.0578 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/22 17:34:53.0656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/22 17:34:53.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/22 17:34:53.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/22 17:34:53.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/22 17:34:53.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/22 17:34:53.0906 ENETHUSB (8c3f3914f1c1e3e3ffe77190a4c9d735) C:\WINDOWS\system32\DRIVERS\enethusb.sys
    2010/10/22 17:34:53.0984 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/22 17:34:54.0031 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/10/22 17:34:54.0062 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/22 17:34:54.0078 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/10/22 17:34:54.0125 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/10/22 17:34:54.0156 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2010/10/22 17:34:54.0171 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/22 17:34:54.0187 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/22 17:34:54.0218 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys
    2010/10/22 17:34:54.0250 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/10/22 17:34:54.0281 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/22 17:34:54.0296 Suspicious service (NoAccess): gxvxcserv.sys
    2010/10/22 17:34:54.0296 gxvxcserv.sys - detected Rootkit.Win32.TDSS.tdl2 (0)
    2010/10/22 17:34:54.0343 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/10/22 17:34:54.0421 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/10/22 17:34:54.0468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/22 17:34:54.0515 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/22 17:34:54.0578 ialm (0a50599e2afecc2142329bdd7a137463) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/10/22 17:34:54.0671 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/22 17:34:54.0718 InCDfs (b87fc7c71632240dac8f4d20e9ce8377) C:\WINDOWS\system32\drivers\InCDfs.sys
    2010/10/22 17:34:54.0734 InCDPass (2e878405128ec98886eb9c2216ac7bd6) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
    2010/10/22 17:34:54.0765 InCDrec (ddf078917a42f105385d7eb6debb3433) C:\WINDOWS\system32\drivers\InCDrec.sys
    2010/10/22 17:34:54.0781 incdrm (7f352360e947ad2cd4ba60de27b1a299) C:\WINDOWS\system32\drivers\incdrm.sys
    2010/10/22 17:34:54.0875 INIDVD (5f798ff524694c54543a5735b1e87904) C:\WINDOWS\system32\DRIVERS\inidvd.sys
    2010/10/22 17:34:54.0921 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/10/22 17:34:54.0968 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/22 17:34:55.0015 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/10/22 17:34:55.0031 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/22 17:34:55.0062 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/22 17:34:55.0109 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/22 17:34:55.0171 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/22 17:34:55.0203 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/22 17:34:55.0250 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/22 17:34:55.0312 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
    2010/10/22 17:34:55.0343 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/22 17:34:55.0406 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/10/22 17:34:55.0437 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/22 17:34:55.0468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/22 17:34:55.0609 L1c (31ea3f3219abdd2a6ee0969cb3dc54e6) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
    2010/10/22 17:34:55.0671 LVUSBSta (9e9306063ecd8aa91b3fb76678d3cee2) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
    2010/10/22 17:34:55.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/22 17:34:55.0765 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/22 17:34:55.0812 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/10/22 17:34:55.0843 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/22 17:34:55.0890 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/22 17:34:55.0921 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/22 17:34:55.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/22 17:34:56.0015 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/22 17:34:56.0078 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/22 17:34:56.0109 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/22 17:34:56.0156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/22 17:34:56.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/22 17:34:56.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/22 17:34:56.0250 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/10/22 17:34:56.0265 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/22 17:34:56.0312 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/10/22 17:34:56.0359 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/22 17:34:56.0390 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/10/22 17:34:56.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/22 17:34:56.0453 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/22 17:34:56.0468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/22 17:34:56.0500 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/22 17:34:56.0562 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/22 17:34:56.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/22 17:34:56.0671 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/10/22 17:34:56.0718 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/22 17:34:56.0781 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/22 17:34:56.0812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/22 17:34:56.0906 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/10/22 17:34:57.0046 nvata (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys
    2010/10/22 17:34:57.0078 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2010/10/22 17:34:57.0109 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2010/10/22 17:34:57.0156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/22 17:34:57.0171 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/22 17:34:57.0250 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/10/22 17:34:57.0296 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
    2010/10/22 17:34:57.0343 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/10/22 17:34:57.0375 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/22 17:34:57.0406 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/22 17:34:57.0453 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/10/22 17:34:57.0546 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/10/22 17:34:57.0609 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/10/22 17:34:57.0656 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    2010/10/22 17:34:57.0859 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
    2010/10/22 17:34:57.0953 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/22 17:34:58.0000 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/10/22 17:34:58.0015 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/10/22 17:34:58.0078 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/22 17:34:58.0125 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/10/22 17:34:58.0250 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/10/22 17:34:58.0281 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/10/22 17:34:58.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/10/22 17:34:58.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/10/22 17:34:58.0390 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/10/22 17:34:58.0421 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/10/22 17:34:58.0468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/10/22 17:34:58.0500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/10/22 17:34:58.0562 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
    2010/10/22 17:34:58.0625 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    2010/10/22 17:34:58.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/10/22 17:34:58.0750 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/10/22 17:34:58.0765 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/10/22 17:34:58.0812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/10/22 17:34:58.0843 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/10/22 17:34:58.0890 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    2010/10/22 17:34:58.0921 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/10/22 17:34:58.0953 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/10/22 17:34:58.0984 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/10/22 17:34:59.0031 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/10/22 17:34:59.0078 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/10/22 17:34:59.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/10/22 17:34:59.0187 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/10/22 17:34:59.0234 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/10/22 17:34:59.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/10/22 17:34:59.0328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/10/22 17:34:59.0375 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/10/22 17:34:59.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/10/22 17:34:59.0453 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/22 17:34:59.0500 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/10/22 17:34:59.0531 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/10/22 17:34:59.0562 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/22 17:34:59.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/10/22 17:34:59.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/10/22 17:34:59.0656 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/10/22 17:34:59.0687 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/10/22 17:34:59.0718 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/10/22 17:34:59.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/22 17:34:59.0812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/10/22 17:34:59.0843 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/22 17:34:59.0937 VIAHdAudAddService (029e0b9574d872582b4adfb69ee82f0e) C:\WINDOWS\system32\drivers\viahduaa.sys
    2010/10/22 17:35:00.0093 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/22 17:35:00.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/22 17:35:00.0203 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/22 17:35:00.0328 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    2010/10/22 17:35:00.0390 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/10/22 17:35:00.0437 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/10/22 17:35:00.0625 ================================================================================
    2010/10/22 17:35:00.0625 Scan finished
    2010/10/22 17:35:00.0625 ================================================================================
    2010/10/22 17:35:00.0640 Detected object count: 1
    2010/10/22 17:35:04.0796 C:\WINDOWS\system32\drivers\gxvxceutoqomuwkmovrodabwvxwesdppkopxe.sys - will be deleted after reboot
    2010/10/22 17:35:04.0796 C:\WINDOWS\system32\gxvxctlirntiqnssewmelloyjbmmqfvklqewb.dll - will be deleted after reboot
    2010/10/22 17:35:04.0812 HKLM\SYSTEM\ControlSet001\services\gxvxcserv.sys - will be deleted after reboot
    2010/10/22 17:35:04.0812 HKLM\SYSTEM\ControlSet002\services\gxvxcserv.sys - will be deleted after reboot
    2010/10/22 17:35:04.0828 HKLM\SYSTEM\ControlSet003\services\gxvxcserv.sys - will be deleted after reboot
    2010/10/22 17:35:04.0859 HKLM\SYSTEM\ControlSet004\services\gxvxcserv.sys - will be deleted after reboot
    2010/10/22 17:35:04.0859 C:\WINDOWS\system32\drivers\gxvxceutoqomuwkmovrodabwvxwesdppkopxe.sys - will be deleted after reboot
    2010/10/22 17:35:04.0859 Rootkit.Win32.TDSS.tdl2(gxvxcserv.sys) - User select action: Delete
    2010/10/22 17:37:06.0468 Deinitialize success
     
  3. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    OTL.txt


    OTL logfile created on: 22/10/2010 5:41:26 PM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 99.30 Gb Free Space | 53.30% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-9E59318EE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/14 11:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/09/08 02:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
    SRV - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/17 15:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Brian\LOCALS~1\Temp\ktalk.sys -- (KTalk)
    DRV - [2010/10/22 16:11:14 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010/09/08 01:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2010/09/08 01:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2010/09/08 01:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 01:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/08 01:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/29 07:10:45 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2010/04/27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
    DRV - [2010/04/24 19:40:48 | 002,134,256 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2010/04/22 17:45:42 | 000,061,040 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2010/04/21 11:42:38 | 001,917,344 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/04/14 05:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/11/08 00:18:54 | 000,007,936 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
    DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2006/03/14 13:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
    DRV - [2005/10/04 20:39:58 | 003,797,632 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2005/09/18 11:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/08/12 17:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/07/29 20:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/29 20:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
    DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/12/17 18:58:59 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
    DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com [binary data]

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    Hosts file not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab (Reg Error: Key error.)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192509931015 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\eddfafbbdaa: DllName - C:\WINDOWS\system32\eddfafbbdaa.dll - C:\WINDOWS\System32\eddfafbbdaa.dll File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/20 13:41:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/22 17:40:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    [2010/10/22 17:35:04 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
    [2010/10/22 17:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\TeamViewer
    [2010/10/22 16:56:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\PrivacIE
    [2010/10/21 19:39:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\IETldCache
    [2010/10/21 19:38:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\Microsoft
    [2010/10/21 19:38:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\SendTo
    [2010/10/21 19:38:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data
    [2010/10/21 19:38:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Start Menu
    [2010/10/21 19:38:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Cookies
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Templates
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Recent
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\PrintHood
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\NetHood
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Local Settings
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\My Documents
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Local Settings\Application Data\Microsoft
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\Macromedia
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Favorites
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop
    [2010/10/12 17:55:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010/10/07 15:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/09/17 22:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/09/17 22:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra
    [2010/09/14 18:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
    [2010/08/03 17:58:24 | 000,099,792 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/08/03 17:58:14 | 000,190,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/08/03 17:58:10 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/03 17:58:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2010/08/03 17:52:46 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/08/03 17:52:45 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/08/03 17:52:45 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/08/03 17:52:45 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/08/03 17:52:44 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/08/03 17:52:43 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/08/03 17:52:43 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/08/03 17:52:42 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/03 17:52:22 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/08/03 17:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/08/03 17:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/03 17:50:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/08/03 17:48:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/08/03 15:12:45 | 000,061,040 | R--- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\l1c51x86.sys
    [2010/08/03 15:12:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Atheros_L1e
    [2010/08/03 15:12:06 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2010/08/03 15:11:14 | 000,008,704 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\viahdcpl.cpl
    [2010/08/03 15:11:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2010/08/03 15:11:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2010/08/03 15:11:08 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2010/08/03 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
    [2010/08/03 15:09:54 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
    [2010/08/03 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010/08/03 15:09:46 | 000,000,000 | ---D | C] -- C:\Intel
    [2010/08/03 15:09:14 | 000,000,000 | -H-D | C] -- C:\Program Files\DeviceVM
    [2010/08/03 15:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/08/03 15:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/08/03 15:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/08/03 15:06:52 | 000,000,000 | ---D | C] -- C:\f9bcabcc756f3ad88213
    [2010/08/03 15:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Gigabyte
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/22 17:42:09 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/22 17:42:09 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    [2010/10/22 17:38:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/22 17:37:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/22 17:35:04 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
    [2010/10/22 17:32:27 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/10/22 17:32:27 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/10/22 17:28:19 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\tdsskiller.zip
    [2010/10/22 17:25:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\MBRCheck.exe
    [2010/10/22 17:01:28 | 003,099,848 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\TeamViewer_Setup.exe
    [2010/10/22 16:10:49 | 000,442,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/22 16:08:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/22 16:08:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/22 15:53:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/20 20:24:20 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/10/20 20:24:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/12 21:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/12 17:31:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/08 13:55:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/07 15:50:35 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Harmony.url
    [2010/10/02 04:30:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job
    [2010/09/17 19:00:33 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/08 02:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/08 02:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/08 01:54:16 | 000,099,792 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/09/08 01:53:58 | 000,340,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/09/08 01:53:35 | 000,190,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/08 01:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/08 01:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/09/08 01:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/04 09:32:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010/08/04 09:27:50 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2010/08/03 15:11:18 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HD ADeck.lnk
    [2010/08/03 15:02:11 | 000,000,010 | ---- | M] () -- C:\WINDOWS\GSetup.ini
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  4. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    OTL.txt cont

    ========== Files Created - No Company Name ==========

    [2010/10/22 17:32:27 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/10/22 17:32:27 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/10/22 17:28:09 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\tdsskiller.zip
    [2010/10/22 17:24:55 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\MBRCheck.exe
    [2010/10/22 17:01:12 | 003,099,848 | ---- | C] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\TeamViewer_Setup.exe
    [2010/10/20 20:24:20 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/10/07 15:50:35 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Harmony.url
    [2010/09/17 19:00:33 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/08/03 15:13:01 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
    [2010/08/03 15:13:01 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
    [2010/08/03 15:12:07 | 000,188,114 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
    [2010/08/03 15:12:07 | 000,119,560 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
    [2010/08/03 15:12:07 | 000,117,770 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
    [2010/08/03 15:12:07 | 000,112,763 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
    [2010/08/03 15:12:07 | 000,102,448 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
    [2010/08/03 15:12:07 | 000,101,329 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
    [2010/08/03 15:12:06 | 000,176,824 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
    [2010/08/03 15:12:06 | 000,163,864 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
    [2010/08/03 15:12:06 | 000,138,355 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
    [2010/08/03 15:12:06 | 000,134,852 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
    [2010/08/03 15:12:06 | 000,132,174 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
    [2010/08/03 15:12:06 | 000,123,983 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
    [2010/08/03 15:12:06 | 000,121,696 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
    [2010/08/03 15:12:06 | 000,121,375 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
    [2010/08/03 15:12:06 | 000,121,140 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
    [2010/08/03 15:12:06 | 000,119,204 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
    [2010/08/03 15:12:06 | 000,118,800 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
    [2010/08/03 15:12:06 | 000,118,003 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
    [2010/08/03 15:12:06 | 000,117,981 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
    [2010/08/03 15:12:06 | 000,117,466 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.pt-PT.resources
    [2010/08/03 15:12:06 | 000,117,179 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
    [2010/08/03 15:12:06 | 000,117,094 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
    [2010/08/03 15:12:06 | 000,116,862 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
    [2010/08/03 15:12:06 | 000,116,472 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
    [2010/08/03 15:12:06 | 000,113,272 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
    [2010/08/03 15:12:06 | 000,112,667 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
    [2010/08/03 15:12:06 | 000,108,636 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
    [2010/08/03 15:12:06 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2010/08/03 15:12:04 | 001,674,683 | R--- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
    [2010/08/03 15:12:04 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
    [2010/08/03 15:12:04 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
    [2010/08/03 15:12:04 | 000,058,558 | R--- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2010/08/03 15:12:04 | 000,033,280 | R--- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2010/08/03 15:12:04 | 000,001,023 | R--- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
    [2010/08/03 15:11:18 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HD ADeck.lnk
    [2010/08/03 15:02:11 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
    [2010/08/03 15:02:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
    [2009/04/29 07:31:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
    [2009/02/15 11:52:31 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2009/02/15 11:52:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2009/01/10 11:12:01 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/01/10 11:12:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/01/02 10:33:23 | 002,078,763 | ---- | C] () -- C:\Program Files\mplayerc_20081210.zip
    [2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/06/09 09:39:39 | 000,781,834 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
    [2008/06/09 09:39:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
    [2007/09/05 18:28:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/06/24 07:58:15 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/06/04 09:11:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
    [2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/02/03 19:32:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2006/12/19 16:19:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
    [2006/12/19 16:19:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2006/09/27 07:34:30 | 000,000,122 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
    [2006/09/26 09:17:29 | 000,000,495 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2006/09/20 23:29:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/09/20 20:29:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/09/20 16:40:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/20 14:41:35 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2006/09/20 14:24:10 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/09/20 14:24:05 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2006/02/28 23:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2006/02/28 23:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2006/02/28 23:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2006/02/28 23:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2006/02/28 23:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2005/09/18 11:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2005/09/18 11:32:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2005/09/18 11:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2005/09/18 11:32:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2005/09/18 11:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2005/09/18 11:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/09/18 11:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [1997/06/14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/10/22 17:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\TeamViewer
    [2010/08/03 17:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2006/10/08 11:36:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/01/16 09:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/01/16 09:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2007/10/25 16:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2009/06/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2009/06/23 21:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    [2009/06/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
    [2008/05/25 08:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/05/08 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    [2009/03/22 14:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/11/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/26 16:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/10/02 04:30:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/06/16 09:03:19 | 000,000,000 | ---- | M] () -- C:\AILog.txt
    [2006/09/20 13:41:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/04 09:32:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2006/09/20 13:41:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/03 15:13:07 | 000,000,180 | ---- | M] () -- C:\csb.log
    [2010/05/17 10:47:49 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/09/20 13:41:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/13 09:47:54 | 000,457,183 | ---- | M] () -- C:\logfile
    [2006/09/20 13:41:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/06/09 03:07:02 | 673,185,792 | -HS- | M] () -- C:\NRTPage.sys
    [2006/02/28 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/14 13:53:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/22 17:37:48 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/22 16:11:20 | 000,000,145 | ---- | M] () -- C:\service.log
    [2010/10/22 17:37:06 | 000,044,828 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_22.10.2010_17.34.48_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/03/27 07:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
    [2006/03/27 07:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
    [2008/07/06 23:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/09/20 23:25:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/09/20 23:25:33 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/09/20 23:25:33 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 11:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 11:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4300C6

    < End of report >
     
  5. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    GMER log is missing.
     
  6. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    MBAM Log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4922
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702
    23/10/2010 8:11:49 PM
    mbam-log-2010-10-23 (20-11-49).txt
    Scan type: Quick scan
    Objects scanned: 204418
    Time elapsed: 5 minute(s), 24 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 32
    Files Infected: 41
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.150,85.255.112.69 -> Quarantined and deleted successfully.
    Folders Infected:
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347 (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\EntertainmentMarketingSP\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\EntertainmentMarketingSP\images\active (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\EntertainmentMarketingSP\images\default (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Games (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\JokeSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Manager (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Movies (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Pranks (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    Files Infected:
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp_new (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Pranks\PranksOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Pranks\PranksOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\0004A739.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\RegClean Scheduled Scan.job (Rogue.RegClean) -> Quarantined and deleted successfully.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Still....GMER log is missing.
     
  8. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    Here's GMER

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-24 06:04:32
    Windows 5.1.2600 Service Pack 3
    Running: j20g4i9o.exe; Driver: C:\DOCUME~1\ADMINI~1.001\LOCALS~1\Temp\uwpyikog.sys

    ---- Kernel code sections - GMER 1.0.15 ----
    ? ujhx.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\Explorer.EXE[152] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B485CB
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
    ---- EOF - GMER 1.0.15 ----
     
  9. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    DDS.txt



    DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
    Run by Administrator at 18:34:44.81 on Sun 24/10/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2012.1627 [GMT 11:00]

    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\all users\desktop\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\documents and settings\all users\desktop\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192509931015
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: eddfafbbdaa - c:\windows\system32\eddfafbbdaa.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-8-3 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-8-3 190416]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-8-3 99792]
    R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-8-3 61040]
    S1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2010-8-3 19496]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-3 340048]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165584]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-3 17744]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
    S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-8-3 119200]
    S2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-15 223464]
    S2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-8-3 68136]
    S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-19 54752]
    S2 gupdate1c9876e2f4b9b6a;Google Update Service (gupdate1c9876e2f4b9b6a);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2009-6-6 7936]
    S3 KTalk;KTalk;\??\c:\docume~1\brian\locals~1\temp\ktalk.sys --> c:\docume~1\brian\locals~1\temp\ktalk.sys [?]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-8-3 2134256]

    =============== Created Last 30 ================

    2010-10-23 09:04:29 -------- d-----w- c:\docume~1\admini~1.001\applic~1\Malwarebytes
    2010-10-23 09:04:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-23 09:04:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-23 09:04:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-22 06:35:04 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
    2010-10-22 06:02:43 -------- d-----w- c:\docume~1\admini~1.001\applic~1\TeamViewer
    2010-10-22 05:56:43 -------- d-sh--w- c:\documents and settings\administrator.brian-9e59318ee.001\PrivacIE
    2010-10-21 08:39:11 -------- d-sh--w- c:\documents and settings\administrator.brian-9e59318ee.001\IETldCache
    2010-10-20 09:17:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-10-20 09:17:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-14 06:58:23 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-14 06:58:23 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-14 06:58:09 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-10-22 22:41:19 17488 ----a-w- c:\windows\gdrv.sys
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 01:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2004-10-01 05:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

    ============= FINISH: 18:35:38.39 ===============

    Attach.txt



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/09/2006 12:43:40 PM
    System Uptime: 24/10/2010 6:31:02 PM (0 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | G41M-Combo
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2933/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 186 GiB total, 99.682 GiB free.
    X: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Sansa Media Converter
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    ArcSoft Software Suite
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    avast! Internet Security
    Avatar - Legends of The Arena
    BBC Play with the Teletubbies
    Belkin 54g USB Network Adapter
    BigPond Broadband ADSL
    BitLord 1.1
    Bonjour
    Browser Configuration Utility
    CCScore
    Critical Update for Windows Media Player 11 (KB959772)
    D-Link VGA Webcam
    DVD Flick 1.3.0.6
    DVD Solution
    DVDFab Platinum 3.1.8.0 Ghosthunter release
    EasySaver B9.0904.1
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    FamilyFeudOnlineParty (remove only)
    fflink
    Fisher-Price® Ready for School Kindergarten
    FUJIFILM FinePixViewer S Ver.2.1
    Google Chrome
    Google Earth
    Google SketchUp 7.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    InCD
    Intel(R) Graphics Media Accelerator Driver
    iPod 2 iPod
    iTunes
    Java(TM) 6 Update 13
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    JumpStart Kindergarten Reading v1.0
    Junk Mail filter update
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    Logitech Harmony Remote Software
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires
    Microsoft Age of Empires Expansion
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Monsters, Inc. Wreck Room Arcade
    MSN
    MSN Music Assistant
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Multimedia Launcher
    Nero OEM
    netbrdg
    NVIDIA Drivers
    OfotoXMI
    OGA Notifier 1.7.0105.35.0
    OLYMPUS Master 2
    OLYMPUS muvee theaterPack
    ON_OFF Charge B10.0427.1
    OpenOffice.org Installer 1.0
    PHOTOfunSTUDIO -viewer-
    Pinnacle Studio 12
    Pivot Stickfigure Animator
    Platform
    PokerStars.net
    PowerDVD
    PowerProducer
    QuickTime
    Reader Rabbit's Math Ages 6-9
    Realtek AC'97 Audio
    Rhapsody Player Engine
    Safari
    Samsung Master
    Samsung SpeedPlus Driver
    Samsung USB Driver
    Sansa Media Converter
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Skype™ 3.5
    Space Invaders
    staticcr
    The Powerpuff Girls Screensaver
    The Print Shop® 6.0 Deluxe
    tooltips
    Tux Paint 0.9.20
    Ultimate Human Body 2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VIA Platform Device Manager
    VLC media player 0.9.9
    VPRINTOL
    WebFldrs XP
    Windows Defender Signatures
    Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
    Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
    Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
    Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
    WIRELESS
    Yahoo! Toolbar
    Zoo Vet
    Zynga Toolbar

    ==== Event Viewer Messages From Past Week ========

    23/10/2010 9:23:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    22/10/2010 5:54:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    22/10/2010 5:41:40 PM, error: SRService [104] - The System Restore initialization process failed.
    22/10/2010 5:41:40 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    22/10/2010 5:39:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AppleCharger aswSnx aswSP aswTdi Fips IntelIde intelppm nvata
    22/10/2010 4:57:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AppleCharger aswSnx aswSP aswTdi Fips intelppm
    20/10/2010 8:24:15 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    20/10/2010 8:24:07 PM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    20/10/2010 7:48:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AppleCharger aswFW aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    20/10/2010 7:48:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    20/10/2010 7:48:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    20/10/2010 7:48:41 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    20/10/2010 7:48:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    20/10/2010 7:48:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    20/10/2010 7:48:41 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    20/10/2010 7:48:41 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    20/10/2010 7:42:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    20/10/2010 7:42:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    17/10/2010 12:43:40 PM, error: System Error [1003] - Error code 10000050, parameter1 f1b7b694, parameter2 00000000, parameter3 b9e4272b, parameter4 00000002.
    17/10/2010 12:43:37 PM, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 00000002, parameter3 00000000, parameter4 b91d45f3.
    17/10/2010 12:43:31 PM, error: System Error [1003] - Error code 000000c2, parameter1 00000040, parameter2 10000000, parameter3 80000000, parameter4 00000000.

    ==== End Of File ===========================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    ComboFix

    ComboFix 10-10-23.02 - Administrator 25/10/2010 16:43:05.1.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2012.1707 [GMT 11:00]
    Running from: c:\documents and settings\Administrator.BRIAN-9E59318EE.001\Desktop\ComboFix.exe
    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Install.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
    c:\windows\system\WING32.DLL
    c:\windows\system32\Thumbs.db
    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))
    .
    2010-10-23 09:04 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-23 09:04 . 2010-10-23 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-23 09:04 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-22 06:35 . 2010-10-22 06:35 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
    2010-10-20 09:17 . 2010-10-20 09:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-20 08:47 . 2010-10-20 09:03 -------- d-s---w- c:\documents and settings\Administrator.BRIAN-9E59318EE
    2010-10-14 06:58 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-14 06:58 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-14 06:58 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-07 04:50 . 2010-10-07 04:50 -------- d-----w- c:\program files\Logitech
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-25 04:49 . 2010-08-03 04:19 17488 ----a-w- c:\windows\gdrv.sys
    2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 01:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-07 15:12 . 2010-08-03 06:58 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-08-03 06:52 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:54 . 2010-08-03 06:58 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-09-07 14:53 . 2010-08-03 06:52 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-09-07 14:53 . 2010-08-03 06:58 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-09-07 14:52 . 2010-08-03 06:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-08-03 06:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-08-03 06:52 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-08-03 06:52 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-08-03 06:52 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-08-03 06:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-08-03 06:52 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-17 21:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2004-10-01 05:00 . 2006-09-20 03:41 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    2010-06-13 09:10 2734688 ----a-w- c:\program files\Zynga\tbZyng.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-9-20 106560]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
    backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
    backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-10-10 09:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2008-04-17 04:14 98616 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
    2009-10-15 04:06 375000 ----a-w- c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2010-05-04 12:09 33741424 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2010-04-23 06:59 174104 ----a-r- c:\windows\system32\hkcmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2010-04-23 07:00 141848 ----a-r- c:\windows\system32\igfxtray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2006-03-14 02:06 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-01-22 08:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-09-18 00:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2005-09-18 00:32 86016 ----a-w- c:\windows\system32\nvmctray.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-09-18 00:32 1519616 ----a-w- c:\windows\system32\nwiz.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2010-04-23 06:59 144920 ----a-r- c:\windows\system32\igfxpers.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 10:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-10-04 06:12 90112 ------r- c:\windows\soundman.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-05-23 21:16 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-03-31 08:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [3/08/2010 5:58 PM 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [3/08/2010 5:58 PM 190416]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [3/08/2010 5:58 PM 99792]
    R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/08/2010 3:12 PM 61040]
    S1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [3/08/2010 3:13 PM 19496]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/08/2010 5:52 PM 340048]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/08/2010 5:52 PM 165584]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/08/2010 5:52 PM 17744]
    S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [3/08/2010 5:58 PM 119200]
    S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [15/10/2009 3:06 PM 223464]
    S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [3/08/2010 3:03 PM 68136]
    S2 gupdate1c9876e2f4b9b6a;Google Update Service (gupdate1c9876e2f4b9b6a);c:\program files\Google\Update\GoogleUpdate.exe [5/02/2009 7:45 PM 133104]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [6/06/2009 3:59 PM 7936]
    S3 KTalk;KTalk;\??\c:\docume~1\Brian\LOCALS~1\Temp\ktalk.sys --> c:\docume~1\Brian\LOCALS~1\Temp\ktalk.sys [?]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/08/2010 3:11 PM 2134256]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]
    2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:45]
    2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:45]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    .
    - - - - ORPHANS REMOVED - - - -
    Notify-eddfafbbdaa - c:\windows\system32\eddfafbbdaa.dll
    SafeBoot-klmdb.sys
    MSConfigStartUp-16913754 - c:\documents and settings\All Users\Application Data\16913754\16913754.exe
    MSConfigStartUp-96923746 - c:\documents and settings\All Users\Application Data\96923746\96923746.exe
    MSConfigStartUp-Application Layer Browser - abgsvc.exe
    MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-25 16:50
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\INIDVD]
    "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\INIDVD]
    "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-1085031214-1677128483-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,d5,8b,fe,d3,bd,9a,43,bb,f3,b9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,d5,8b,fe,d3,bd,9a,43,bb,f3,b9,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(1692)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-10-25 16:54:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-25 05:54
    Pre-Run: 106,933,121,024 bytes free
    Post-Run: 109,464,780,800 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    - - End Of File - - 56555AEC2A162EA9A68E05EF1585A4EA
     
  12. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    MBRCheck, version 1.2.3
    (c) 2010, AD
    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00800005
    Kernel Drivers (total 103):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74C0000 atapi.sys
    0xF74A7000 nvata.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7487000 fltmgr.sys
    0xF7647000 PxHelp20.sys
    0xF7470000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7443000 NDIS.sys
    0xF7416000 aswNdis2.sys
    0xF798D000 aswNdis.sys
    0xF7657000 ohci1394.sys
    0xF7667000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBA7E6000 Mup.sys
    0xBA6AE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA69D000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
    0xF774F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xBA679000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7757000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF777F000 \SystemRoot\system32\drivers\Afc.sys
    0xF792B000 \SystemRoot\system32\drivers\iviaspi.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA656000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF778F000 \SystemRoot\System32\Drivers\incdrm.SYS
    0xF7797000 \SystemRoot\System32\DRIVERS\InCDPass.sys
    0xF77A7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF793F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xBA617000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7587000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA606000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77D7000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7993000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xBA4B8000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA7BE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7557000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7547000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF799B000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7817000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF799F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A9D000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79A3000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF773F000 \SystemRoot\System32\drivers\vga.sys
    0xBA432000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0xF79A7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF775F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7787000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA786000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xBA3FF000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xBA3A6000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA38F000 \SystemRoot\System32\Drivers\aswFW.SYS
    0xBA369000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA341000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA31F000 \SystemRoot\System32\drivers\afd.sys
    0xF7517000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA2F4000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xBA284000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF74F7000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBA636000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA766000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA556000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA62E000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA244000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79AD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA456000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA52E000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7ABA000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBFF50000 \SystemRoot\System32\framebuf.dll
    0xB9F2C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB9C7C000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB9C58000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xB9B40000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll
    Processes (total 18):
    0 System Idle Process
    4 System
    556 C:\WINDOWS\system32\smss.exe
    848 csrss.exe
    872 C:\WINDOWS\system32\winlogon.exe
    924 C:\WINDOWS\system32\services.exe
    936 C:\WINDOWS\system32\lsass.exe
    1080 C:\WINDOWS\system32\svchost.exe
    1184 svchost.exe
    1300 C:\WINDOWS\system32\svchost.exe
    1340 svchost.exe
    1388 svchost.exe
    220 C:\WINDOWS\explorer.exe
    1288 C:\Program Files\Internet Explorer\iexplore.exe
    1512 C:\Program Files\Internet Explorer\iexplore.exe
    1600 C:\WINDOWS\system32\ctfmon.exe
    1864 C:\Program Files\Internet Explorer\iexplore.exe
    2004 C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Local Settings\Temporary Internet Files\Content.IE5\I2DH8GUR\MBRCheck[1].exe
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    PhysicalDrive0 Model Number: ST3200820AS, Rev: 3.AAC
    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

    Done!
     
  13. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    The problem seems to be gone!
     
  14. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Good news :)
    It looks like Combofix was able to replace files infected by Bamital.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    KTalk
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    ComboFix


    ComboFix 10-10-26.03 - Administrator 27/10/2010 19:28:04.2.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2012.1650 [GMT 11:00]
    Running from: c:\documents and settings\Administrator.BRIAN-9E59318EE.001\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator.BRIAN-9E59318EE.001\Desktop\CFScript.txt
    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_KTALK
    -------\Service_KTalk

    ((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
    .
    2010-10-25 05:58 . 2010-10-25 05:58 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
    2010-10-23 09:04 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-23 09:04 . 2010-10-23 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-23 09:04 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-22 06:35 . 2010-10-22 06:35 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
    2010-10-20 09:17 . 2010-10-20 09:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-20 08:47 . 2010-10-20 09:03 -------- d-s---w- c:\documents and settings\Administrator.BRIAN-9E59318EE
    2010-10-14 06:58 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-14 06:58 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-14 06:58 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-07 04:50 . 2010-10-07 04:50 -------- d-----w- c:\program files\Logitech
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-27 08:33 . 2010-08-03 04:19 17488 ----a-w- c:\windows\gdrv.sys
    2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 01:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-07 15:12 . 2010-08-03 06:58 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-08-03 06:52 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:54 . 2010-08-03 06:58 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-09-07 14:53 . 2010-08-03 06:52 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-09-07 14:53 . 2010-08-03 06:58 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-09-07 14:52 . 2010-08-03 06:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-08-03 06:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-08-03 06:52 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-08-03 06:52 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-08-03 06:52 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-08-03 06:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-08-03 06:52 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-17 21:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2004-10-01 05:00 . 2006-09-20 03:41 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-25_05.50.53 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-02-28 12:00 . 2010-10-25 05:00 67312 c:\windows\system32\perfc009.dat
    + 2006-02-28 12:00 . 2010-10-27 08:20 67312 c:\windows\system32\perfc009.dat
    + 2006-02-28 12:00 . 2010-10-27 08:20 432356 c:\windows\system32\perfh009.dat
    - 2006-02-28 12:00 . 2010-10-25 05:00 432356 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    2010-06-13 09:10 2734688 ----a-w- c:\program files\Zynga\tbZyng.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-9-20 106560]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
    backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
    backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-10-10 09:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2008-04-17 04:14 98616 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
    2009-10-15 04:06 375000 ----a-w- c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2010-05-04 12:09 33741424 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2010-04-23 06:59 174104 ----a-r- c:\windows\system32\hkcmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2010-04-23 07:00 141848 ----a-r- c:\windows\system32\igfxtray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2006-03-14 02:06 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-01-22 08:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-09-18 00:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2005-09-18 00:32 86016 ----a-w- c:\windows\system32\nvmctray.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-09-18 00:32 1519616 ----a-w- c:\windows\system32\nwiz.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2010-04-23 06:59 144920 ----a-r- c:\windows\system32\igfxpers.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 10:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-10-04 06:12 90112 ------r- c:\windows\soundman.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-05-23 21:16 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-03-31 08:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [3/08/2010 5:58 PM 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [3/08/2010 5:58 PM 190416]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [3/08/2010 5:58 PM 99792]
    R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/08/2010 3:12 PM 61040]
    S1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [3/08/2010 3:13 PM 19496]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/08/2010 5:52 PM 340048]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/08/2010 5:52 PM 165584]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/08/2010 5:52 PM 17744]
    S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [3/08/2010 5:58 PM 119200]
    S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [15/10/2009 3:06 PM 223464]
    S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [3/08/2010 3:03 PM 68136]
    S2 gupdate1c9876e2f4b9b6a;Google Update Service (gupdate1c9876e2f4b9b6a);c:\program files\Google\Update\GoogleUpdate.exe [5/02/2009 7:45 PM 133104]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [6/06/2009 3:59 PM 7936]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/08/2010 3:11 PM 2134256]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]
    2010-10-27 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-23 03:55]
    2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:45]
    2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:45]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-27 19:38
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\INIDVD]
    "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\INIDVD]
    "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-1085031214-1677128483-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,d5,8b,fe,d3,bd,9a,43,bb,f3,b9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,d5,8b,fe,d3,bd,9a,43,bb,f3,b9,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(632)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-10-27 19:42:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-27 08:42
    ComboFix2.txt 2010-10-25 05:54
    Pre-Run: 109,415,047,168 bytes free
    Post-Run: 109,208,760,320 bytes free
    - - End Of File - - D22C4E8A3C5F57452356C4C533A47A40
     
  16. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    For some reason, an extras.txt file wasn't created

    Anyway here is the OTL file





    OTL logfile created on: 28/10/2010 4:50:15 PM - Run 2
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 101.73 Gb Free Space | 54.61% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-9E59318EE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/14 11:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/09/08 02:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
    SRV - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/17 15:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/10/27 19:33:44 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010/09/08 01:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2010/09/08 01:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2010/09/08 01:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 01:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/08 01:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/29 07:10:45 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2010/04/27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
    DRV - [2010/04/24 19:40:48 | 002,134,256 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2010/04/22 17:45:42 | 000,061,040 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2010/04/21 11:42:38 | 001,917,344 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/04/14 05:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/11/08 00:18:54 | 000,007,936 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
    DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2006/03/14 13:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
    DRV - [2005/10/04 20:39:58 | 003,797,632 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2005/09/18 11:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/08/12 17:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/07/29 20:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/29 20:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
    DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/12/17 18:58:59 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
    DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com [binary data]

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/10/27 19:38:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192509931015 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/20 13:41:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/27 19:42:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/27 19:25:43 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/25 16:41:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/25 16:15:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/25 16:15:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/25 16:15:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/25 16:15:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/25 16:03:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/25 16:01:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/23 20:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\Malwarebytes
    [2010/10/23 20:04:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/23 20:04:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/23 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware
    [2010/10/23 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/23 20:03:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\mbam-setup-1.46.exe
    [2010/10/23 19:56:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\TFC.exe
    [2010/10/22 17:40:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    [2010/10/22 17:35:04 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
    [2010/10/22 17:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\TeamViewer
    [2010/10/22 16:56:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\PrivacIE
    [2010/10/21 19:39:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\IETldCache
    [2010/10/21 19:38:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\Microsoft
    [2010/10/21 19:38:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\SendTo
    [2010/10/21 19:38:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data
    [2010/10/21 19:38:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Start Menu
    [2010/10/21 19:38:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Cookies
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Templates
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Recent
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\PrintHood
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\NetHood
    [2010/10/21 19:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Local Settings
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\My Documents
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Local Settings\Application Data\Microsoft
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\Macromedia
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Favorites
    [2010/10/21 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop
    [2010/10/12 17:55:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010/10/07 15:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/09/17 22:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/09/17 22:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra
    [2010/09/14 18:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
    [2010/08/03 17:58:24 | 000,099,792 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/08/03 17:58:14 | 000,190,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/08/03 17:58:10 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/03 17:58:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2010/08/03 17:52:46 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/08/03 17:52:45 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/08/03 17:52:45 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/08/03 17:52:45 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/08/03 17:52:44 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/08/03 17:52:43 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/08/03 17:52:43 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/08/03 17:52:42 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/03 17:52:22 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/08/03 17:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/08/03 17:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/03 17:50:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/08/03 17:48:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/08/03 15:12:45 | 000,061,040 | R--- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\l1c51x86.sys
    [2010/08/03 15:12:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Atheros_L1e
    [2010/08/03 15:12:06 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2010/08/03 15:11:14 | 000,008,704 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\viahdcpl.cpl
    [2010/08/03 15:11:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2010/08/03 15:11:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2010/08/03 15:11:08 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2010/08/03 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
    [2010/08/03 15:09:54 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
    [2010/08/03 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010/08/03 15:09:46 | 000,000,000 | ---D | C] -- C:\Intel
    [2010/08/03 15:09:14 | 000,000,000 | -H-D | C] -- C:\Program Files\DeviceVM
    [2010/08/03 15:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/08/03 15:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/08/03 15:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/08/03 15:06:52 | 000,000,000 | ---D | C] -- C:\f9bcabcc756f3ad88213
    [2010/08/03 15:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Gigabyte

    ========== Files - Modified Within 90 Days ==========

    [2010/10/28 16:51:23 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/28 16:51:23 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/28 16:47:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/28 16:47:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/27 19:38:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/27 19:34:06 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/10/27 19:25:14 | 003,887,256 | R--- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\ComboFix.exe
    [2010/10/25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/25 16:58:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/25 16:41:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/23 20:15:25 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\j20g4i9o.exe
    [2010/10/23 20:04:24 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/23 20:03:18 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\mbam-setup-1.46.exe
    [2010/10/23 19:56:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\TFC.exe
    [2010/10/23 10:08:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    [2010/10/22 17:35:04 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
    [2010/10/22 17:32:27 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/10/22 17:32:27 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/10/22 17:28:19 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\tdsskiller.zip
    [2010/10/22 17:25:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\MBRCheck.exe
    [2010/10/22 17:01:28 | 003,099,848 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\TeamViewer_Setup.exe
    [2010/10/22 16:10:49 | 000,442,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/22 15:53:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/20 20:24:20 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/10/20 20:24:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/12 21:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/12 17:31:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/08 13:55:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/07 15:50:35 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Harmony.url
    [2010/09/17 19:00:33 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/08 02:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/08 02:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/08 01:54:16 | 000,099,792 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/09/08 01:53:58 | 000,340,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/09/08 01:53:35 | 000,190,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/08 01:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/08 01:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/09/08 01:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/04 09:32:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/04 09:27:50 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2010/08/03 15:11:18 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HD ADeck.lnk
    [2010/08/03 15:02:11 | 000,000,010 | ---- | M] () -- C:\WINDOWS\GSetup.ini

    ========== Files Created - No Company Name ==========

    [2010/10/25 16:58:41 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/10/25 16:41:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/25 16:41:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/25 16:15:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/25 16:15:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/25 16:15:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/25 16:15:58 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/25 16:15:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/25 16:01:02 | 003,887,256 | R--- | C] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\ComboFix.exe
    [2010/10/23 20:14:29 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\j20g4i9o.exe
    [2010/10/23 20:04:24 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 17:32:27 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/10/22 17:32:27 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/10/22 17:28:09 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\tdsskiller.zip
    [2010/10/22 17:24:55 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\MBRCheck.exe
    [2010/10/22 17:01:12 | 003,099,848 | ---- | C] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\TeamViewer_Setup.exe
    [2010/10/20 20:24:20 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/10/07 15:50:35 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Harmony.url
    [2010/09/17 19:00:33 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/08/03 15:13:01 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
    [2010/08/03 15:13:01 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
    [2010/08/03 15:12:07 | 000,188,114 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
    [2010/08/03 15:12:07 | 000,119,560 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
    [2010/08/03 15:12:07 | 000,117,770 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
    [2010/08/03 15:12:07 | 000,112,763 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
    [2010/08/03 15:12:07 | 000,102,448 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
    [2010/08/03 15:12:07 | 000,101,329 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
    [2010/08/03 15:12:06 | 000,176,824 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
    [2010/08/03 15:12:06 | 000,163,864 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
    [2010/08/03 15:12:06 | 000,138,355 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
    [2010/08/03 15:12:06 | 000,134,852 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
    [2010/08/03 15:12:06 | 000,132,174 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
    [2010/08/03 15:12:06 | 000,123,983 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
    [2010/08/03 15:12:06 | 000,121,696 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
    [2010/08/03 15:12:06 | 000,121,375 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
    [2010/08/03 15:12:06 | 000,121,140 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
    [2010/08/03 15:12:06 | 000,119,204 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
    [2010/08/03 15:12:06 | 000,118,800 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
    [2010/08/03 15:12:06 | 000,118,003 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
    [2010/08/03 15:12:06 | 000,117,981 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
    [2010/08/03 15:12:06 | 000,117,466 | R--- | C] () --
     
  18. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    C:\WINDOWS\System32\Gfxres.pt-PT.resources
    [2010/08/03 15:12:06 | 000,117,179 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
    [2010/08/03 15:12:06 | 000,117,094 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
    [2010/08/03 15:12:06 | 000,116,862 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
    [2010/08/03 15:12:06 | 000,116,472 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
    [2010/08/03 15:12:06 | 000,113,272 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
    [2010/08/03 15:12:06 | 000,112,667 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
    [2010/08/03 15:12:06 | 000,108,636 | R--- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
    [2010/08/03 15:12:06 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2010/08/03 15:12:04 | 001,674,683 | R--- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
    [2010/08/03 15:12:04 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
    [2010/08/03 15:12:04 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
    [2010/08/03 15:12:04 | 000,058,558 | R--- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2010/08/03 15:12:04 | 000,033,280 | R--- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2010/08/03 15:12:04 | 000,001,023 | R--- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
    [2010/08/03 15:11:18 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HD ADeck.lnk
    [2010/08/03 15:02:11 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
    [2010/08/03 15:02:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
    [2009/04/29 07:31:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
    [2009/02/15 11:52:31 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2009/02/15 11:52:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2009/01/10 11:12:01 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/01/10 11:12:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/01/02 10:33:23 | 002,078,763 | ---- | C] () -- C:\Program Files\mplayerc_20081210.zip
    [2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/06/09 09:39:39 | 000,781,834 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
    [2008/06/09 09:39:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
    [2007/09/05 18:28:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/06/24 07:58:15 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/06/04 09:11:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
    [2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/02/03 19:32:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2006/12/19 16:19:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
    [2006/12/19 16:19:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2006/09/27 07:34:30 | 000,000,122 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
    [2006/09/26 09:17:29 | 000,000,495 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2006/09/20 23:29:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/09/20 20:29:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/09/20 16:40:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/20 14:41:35 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2006/09/20 14:24:10 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/09/20 14:24:05 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2005/09/18 11:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2005/09/18 11:32:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2005/09/18 11:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2005/09/18 11:32:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2005/09/18 11:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2005/09/18 11:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/09/18 11:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [1997/06/14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/10/22 17:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Application Data\TeamViewer
    [2010/08/03 17:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2006/10/08 11:36:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/01/16 09:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/01/16 09:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2007/10/25 16:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2009/06/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2009/06/23 21:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    [2009/06/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
    [2008/05/25 08:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/05/08 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    [2009/03/22 14:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/11/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/26 16:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/06/16 09:03:19 | 000,000,000 | ---- | M] () -- C:\AILog.txt
    [2006/09/20 13:41:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/04 09:32:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/25 16:41:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/27 19:42:10 | 000,017,616 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/20 13:41:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/03 15:13:07 | 000,000,180 | ---- | M] () -- C:\csb.log
    [2010/05/17 10:47:49 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/09/20 13:41:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/13 09:47:54 | 000,457,183 | ---- | M] () -- C:\logfile
    [2006/09/20 13:41:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/06/09 03:07:02 | 673,185,792 | -HS- | M] () -- C:\NRTPage.sys
    [2006/02/28 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/14 13:53:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/28 16:46:58 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/27 19:37:17 | 000,000,209 | ---- | M] () -- C:\service.log
    [2010/10/22 17:37:06 | 000,044,828 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_22.10.2010_17.34.48_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/20 13:41:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/03/27 07:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
    [2006/03/27 07:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
    [2008/07/06 23:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 21:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/08 02:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/01/02 10:33:32 | 002,078,763 | ---- | M] () -- C:\Program Files\mplayerc_20081210.zip
    [2004/10/01 16:00:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/09/20 23:25:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/09/20 23:25:33 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/09/20 23:25:33 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/11/14 13:59:09 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/27 19:25:14 | 003,887,256 | R--- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\ComboFix.exe
    [2010/10/23 20:15:25 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\j20g4i9o.exe
    [2010/10/23 20:03:18 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\mbam-setup-1.46.exe
    [2010/10/22 17:25:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\MBRCheck.exe
    [2010/10/22 17:12:17 | 013,063,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\mssefullinstall-x86fre-en-us-xp.exe
    [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    [2010/10/22 17:01:28 | 003,099,848 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\TeamViewer_Setup.exe
    [2010/10/23 19:56:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/28 16:49:18 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 11:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/03 01:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 04:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 11:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 05:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 05:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 05:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-22 04:54:10


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4300C6

    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Is normal mode still not accessible?

    If you can start computer in normal mode now, please update MBAM, run "Quick scan" and post its log.
    Re-run OTL in normal mode and post new log.
     
  20. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    OTL


    OTL logfile created on: 1/11/2010 3:57:34 PM - Run 3
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 101.37 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-9E59318EE | User Name: Kurt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    PRC - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/09/08 02:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
    PRC - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2009/10/15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
    PRC - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
    PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
    PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/04/17 15:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/31 19:07:47 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
    PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    PRC - [2002/10/11 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/14 11:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/09/08 02:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
    SRV - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/17 15:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/11/01 15:43:13 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010/09/08 01:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2010/09/08 01:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2010/09/08 01:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 01:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/08 01:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/29 07:10:45 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2010/04/27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
    DRV - [2010/04/24 19:40:48 | 002,134,256 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2010/04/22 17:45:42 | 000,061,040 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2010/04/21 11:42:38 | 001,917,344 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/04/14 05:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/11/08 00:18:54 | 000,007,936 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
    DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2006/03/14 13:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
    DRV - [2005/10/04 20:39:58 | 003,797,632 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2005/09/18 11:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/08/12 17:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/07/29 20:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/29 20:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
    DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/12/17 18:58:59 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
    DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ninemsn.com.au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2010/10/27 19:38:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192509931015 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Kurt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kurt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/20 13:41:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/11/01 15:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/10/27 19:42:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/27 19:25:43 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/25 16:41:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/25 16:15:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/25 16:15:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/25 16:15:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/25 16:15:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/25 16:03:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/25 16:01:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/23 20:04:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/23 20:04:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/23 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware
    [2010/10/23 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/22 17:35:04 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
    [2010/10/12 17:55:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010/10/07 15:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\Logitech
    [2010/10/07 15:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/10/07 15:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\InstallShield
    [2010/09/17 22:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/09/17 22:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra
    [2010/09/15 07:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\Zynga
    [2010/09/14 18:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
    [2010/08/07 14:32:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kurt\IECompatCache
    [2010/08/07 14:31:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kurt\PrivacIE
    [2010/08/07 14:31:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kurt\IETldCache
    [2010/08/03 17:58:24 | 000,099,792 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/08/03 17:58:14 | 000,190,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/08/03 17:58:10 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/03 17:58:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2010/08/03 17:52:46 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/08/03 17:52:45 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/08/03 17:52:45 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/08/03 17:52:45 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/08/03 17:52:44 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/08/03 17:52:43 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/08/03 17:52:43 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/08/03 17:52:42 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/03 17:52:22 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/08/03 17:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/08/03 17:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/03 17:50:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/08/03 17:48:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/08/03 15:12:06 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2010/08/03 15:11:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2010/08/03 15:11:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2009/02/20 16:18:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kurt\Application Data\pcouffin.sys

    ========== Files - Modified Within 90 Days ==========

    [2010/11/01 15:51:36 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\JavaRa.zip
    [2010/11/01 15:47:16 | 000,433,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/01 15:47:16 | 000,067,864 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/01 15:43:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/01 15:43:33 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/11/01 15:43:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/01 15:42:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/31 21:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/29 16:50:39 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/27 19:38:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/25 16:41:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/23 20:04:24 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 17:35:04 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
    [2010/10/22 17:32:27 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/10/22 17:32:27 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/10/22 16:10:49 | 000,442,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/22 15:53:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/20 20:24:20 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/10/20 20:24:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/19 21:29:51 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Kurt\My Documents\Electromagnets.doc
    [2010/10/12 21:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/12 18:56:41 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Kurt\My Documents\Monday 13th June 1999.doc
    [2010/10/12 18:00:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Microsoft Office Word 2003.lnk
    [2010/10/08 13:55:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/07 17:50:26 | 000,027,530 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\generic_settings.pdf
    [2010/10/07 15:50:35 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Harmony.url
    [2010/10/07 15:50:00 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Shortcut to LogitechHarmonySoftware.lnk
    [2010/10/05 09:38:00 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Kurt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/17 19:00:33 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/08 02:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/08 02:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/08 01:54:16 | 000,099,792 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/09/08 01:53:58 | 000,340,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/09/08 01:53:35 | 000,190,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/08 01:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/08 01:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/09/08 01:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/07 14:31:15 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Games.lnk
    [2010/08/07 14:31:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/04 09:32:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/04 09:27:50 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

    ========== Files Created - No Company Name ==========

    [2010/11/01 15:51:36 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\JavaRa.zip
    [2010/10/25 16:58:41 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/10/25 16:41:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/25 16:41:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/25 16:15:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/25 16:15:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/25 16:15:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/25 16:15:58 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/25 16:15:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/23 20:04:24 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 17:32:27 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/10/22 17:32:27 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/10/20 20:24:20 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/10/19 21:29:51 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Kurt\My Documents\Electromagnets.doc
    [2010/10/12 18:56:41 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Kurt\My Documents\Monday 13th June 1999.doc
    [2010/10/07 17:50:26 | 000,027,530 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\generic_settings.pdf
    [2010/10/07 15:50:35 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Harmony.url
    [2010/10/07 15:50:00 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\Shortcut to LogitechHarmonySoftware.lnk
    [2010/09/17 19:00:33 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/08/07 14:31:14 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\Games.lnk
    [2010/08/03 15:13:01 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
    [2010/08/03 15:02:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
    [2009/04/29 07:31:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
    [2009/02/20 16:18:22 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\pcouffin.log
    [2009/02/20 16:18:13 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\inst.exe
    [2009/02/20 16:18:13 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\pcouffin.cat
    [2009/02/20 16:18:13 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\pcouffin.inf
    [2009/02/15 11:52:31 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2009/02/15 11:52:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2009/01/10 11:12:01 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/01/10 11:12:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/01/02 10:33:23 | 002,078,763 | ---- | C] () -- C:\Program Files\mplayerc_20081210.zip
    [2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/06/09 09:39:39 | 000,781,834 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
    [2008/06/09 09:39:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
    [2007/10/28 11:49:50 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Kurt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/05 18:28:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/06/24 07:58:15 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/06/04 09:11:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
    [2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/02/03 19:32:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2006/12/19 16:19:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
    [2006/12/19 16:19:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2006/09/27 07:34:30 | 000,000,122 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
    [2006/09/26 09:17:29 | 000,000,495 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2006/09/20 23:29:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/09/20 20:29:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/09/20 16:40:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/20 14:41:35 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2006/09/20 14:24:10 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/09/20 14:24:05 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2005/09/18 11:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2005/09/18 11:32:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2005/09/18 11:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2005/09/18 11:32:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2005/09/18 11:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2005/09/18 11:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/09/18 11:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [1997/06/14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/08/03 17:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2006/10/08 11:36:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/01/16 09:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/01/16 09:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2007/10/25 16:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2009/06/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2009/06/23 21:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    [2009/06/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
    [2008/05/25 08:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/05/08 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    [2009/03/22 14:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/11/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/26 16:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2007/05/17 20:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\AVG7
    [2008/07/18 10:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\AVGTOOLBAR
    [2007/06/18 19:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Canon
    [2009/02/20 17:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\DVDFab
    [2008/01/09 18:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\FunWebProducts
    [2008/01/28 21:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\RegClean
    [2008/07/05 20:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\TuxPaint
    [2010/09/18 08:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Vso

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4300C6
    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 52,910   +344

     
  22. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4922

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/11/2010 8:42:43 PM
    mbam-log-2010-11-03 (20-42-43).txt

    Scan type: Quick scan
    Objects scanned: 226089
    Time elapsed: 1 hour(s), 0 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 13
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Kurt\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kurt\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kurt\Application Data\FunWebProducts\Data\Kurt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kurt\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Kurt\Local Settings\Temp\a6.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Local Settings\Temporary Internet Files\Content.IE5\VGEXP9UD\OTL[1].exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kurt\Application Data\FunWebProducts\Data\Kurt\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kurt\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
      O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
      O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab (Reg Error: Key error.)
      O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
      [2010/10/22 17:35:04 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
      [2007/05/17 20:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\AVG7
      [2008/07/18 10:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\AVGTOOLBAR
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4300C6
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  24. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    OTL


    OTL logfile created on: 4/11/2010 4:24:00 PM - Run 4
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 101.47 Gb Free Space | 54.47% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-9E59318EE | User Name: Kurt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    PRC - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/09/08 02:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
    PRC - [2010/01/22 19:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
    PRC - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2009/10/15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
    PRC - [2009/08/28 19:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    PRC - [2009/08/28 19:48:02 | 000,245,288 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    PRC - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
    PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
    PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/04/17 15:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/31 19:07:47 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
    PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    PRC - [2002/10/11 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/10/22 17:40:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.BRIAN-9E59318EE.001\Desktop\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/14 11:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/09/08 02:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
    SRV - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/17 15:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/11/04 15:56:30 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010/09/08 01:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2010/09/08 01:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2010/09/08 01:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 01:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/08 01:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/29 07:10:45 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2010/04/27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
    DRV - [2010/04/24 19:40:48 | 002,134,256 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2010/04/22 17:45:42 | 000,061,040 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2010/04/21 11:42:38 | 001,917,344 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/04/14 05:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/11/08 00:18:54 | 000,007,936 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
    DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2006/03/14 13:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
    DRV - [2005/10/04 20:39:58 | 003,797,632 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2005/09/18 11:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/08/12 17:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/07/29 20:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/29 20:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
    DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/12/17 18:58:59 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
    DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ninemsn.com.au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2010/10/27 19:38:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192509931015 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Kurt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kurt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/20 13:41:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
     
  25. jackwalsh20

    jackwalsh20 TS Rookie Topic Starter Posts: 26

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/11/03 19:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\Malwarebytes
    [2010/11/01 15:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/10/27 19:42:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/27 19:25:43 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/25 16:41:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/25 16:15:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/25 16:15:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/25 16:15:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/25 16:15:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/25 16:03:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/25 16:01:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/23 20:04:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/23 20:04:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/23 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware
    [2010/10/23 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/22 17:35:04 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
    [2010/10/12 17:55:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010/10/07 15:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\Logitech
    [2010/10/07 15:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/10/07 15:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\InstallShield
    [2010/09/17 22:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/09/17 22:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra
    [2010/09/15 07:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\Zynga
    [2010/09/14 18:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
    [2010/08/07 14:32:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kurt\IECompatCache
    [2010/08/07 14:31:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kurt\PrivacIE
    [2010/08/07 14:31:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kurt\IETldCache
    [2010/08/03 15:12:06 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2010/08/03 15:11:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2010/08/03 15:11:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2009/02/20 16:18:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kurt\Application Data\pcouffin.sys

    ========== Files - Modified Within 90 Days ==========

    [2010/11/04 16:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/04 16:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/04 16:05:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/11/04 16:00:38 | 000,433,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/04 16:00:38 | 000,067,864 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/04 15:56:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/04 15:56:40 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/11/04 15:56:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/01 15:51:36 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\JavaRa.zip
    [2010/10/27 19:38:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/25 16:41:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/23 20:04:24 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 17:35:04 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
    [2010/10/22 17:32:27 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/10/22 17:32:27 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/10/22 16:10:49 | 000,442,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/22 15:53:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/20 20:24:20 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/10/20 20:24:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/19 21:29:51 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Kurt\My Documents\Electromagnets.doc
    [2010/10/12 21:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/12 18:56:41 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Kurt\My Documents\Monday 13th June 1999.doc
    [2010/10/12 18:00:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Microsoft Office Word 2003.lnk
    [2010/10/08 13:55:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/07 17:50:26 | 000,027,530 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\generic_settings.pdf
    [2010/10/07 15:50:35 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Harmony.url
    [2010/10/07 15:50:00 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Shortcut to LogitechHarmonySoftware.lnk
    [2010/10/05 09:38:00 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Kurt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/17 19:00:33 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/08 02:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/08 02:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/08 01:54:16 | 000,099,792 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/09/08 01:53:58 | 000,340,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/09/08 01:53:35 | 000,190,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/08 01:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/08 01:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/09/08 01:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/07 14:31:15 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Games.lnk
    [2010/08/07 14:31:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/01 15:51:36 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\JavaRa.zip
    [2010/10/25 16:58:41 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/10/25 16:41:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/25 16:41:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/25 16:15:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/25 16:15:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/25 16:15:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/25 16:15:58 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/25 16:15:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/23 20:04:24 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 17:32:27 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/10/22 17:32:27 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/10/20 20:24:20 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/10/19 21:29:51 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Kurt\My Documents\Electromagnets.doc
    [2010/10/12 18:56:41 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Kurt\My Documents\Monday 13th June 1999.doc
    [2010/10/07 17:50:26 | 000,027,530 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\generic_settings.pdf
    [2010/10/07 15:50:35 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Harmony.url
    [2010/10/07 15:50:00 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\Shortcut to LogitechHarmonySoftware.lnk
    [2010/09/17 19:00:33 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/08/07 14:31:14 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\Games.lnk
    [2010/08/03 15:13:01 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
    [2010/08/03 15:02:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
    [2009/04/29 07:31:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
    [2009/02/20 16:18:22 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\pcouffin.log
    [2009/02/20 16:18:13 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\inst.exe
    [2009/02/20 16:18:13 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\pcouffin.cat
    [2009/02/20 16:18:13 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\pcouffin.inf
    [2009/02/15 11:52:31 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2009/02/15 11:52:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2009/01/10 11:12:01 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/01/10 11:12:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/01/02 10:33:23 | 002,078,763 | ---- | C] () -- C:\Program Files\mplayerc_20081210.zip
    [2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/06/09 09:39:39 | 000,781,834 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
    [2008/06/09 09:39:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
    [2007/10/28 11:49:50 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Kurt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/05 18:28:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/06/24 07:58:15 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/06/04 09:11:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
    [2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/02/03 19:32:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2006/12/19 16:19:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
    [2006/12/19 16:19:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2006/09/27 07:34:30 | 000,000,122 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
    [2006/09/26 09:17:29 | 000,000,495 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2006/09/20 23:29:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/09/20 20:29:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/09/20 16:40:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/20 14:41:35 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2006/09/20 14:24:10 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/09/20 14:24:05 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2005/09/18 11:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2005/09/18 11:32:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2005/09/18 11:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2005/09/18 11:32:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2005/09/18 11:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2005/09/18 11:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/09/18 11:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [1997/06/14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/08/03 17:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2006/10/08 11:36:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/01/16 09:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/01/16 09:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2007/10/25 16:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2009/06/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2009/06/23 21:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    [2009/06/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
    [2008/05/25 08:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/05/08 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    [2009/03/22 14:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/11/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/26 16:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2007/05/17 20:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\AVG7
    [2008/07/18 10:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\AVGTOOLBAR
    [2007/06/18 19:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Canon
    [2009/02/20 17:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\DVDFab
    [2008/01/28 21:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\RegClean
    [2008/07/05 20:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\TuxPaint
    [2010/09/18 08:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Vso

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTLIE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not foundO2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not foundO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not foundO4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not foundO16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab (Reg Error: Key error.)O33 >
    Invalid Switch: toolb...lerControl.cab (Reg Error: Key error.)O33

    < - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell - "" = AutoRunO33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{105ac5b8-9b81-11df-bc97-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found[2010/10/22 17:35:04 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys[2007/05/17 20:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\AVG7[2008/07/18 10:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\AVGTOOLBAR@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4300C6 :Services :Reg :Files :Commands[purity][emptytemp][emptyflash][Reboot] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4300C6
    < End of report >
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...