TechSpot

Possible virus.patchload.o Infection?

Solved
By wisconsin
Dec 25, 2011
  1. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  2. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  3. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.29.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    OEM :: OEM-D6C1D17F45D [administrator]

    12/30/2011 7:35:05 AM
    mbam-log-2011-12-30 (07-39-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 157411
    Time elapsed: 3 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini (Backdoor.ZAccess) -> No action taken.

    (end)
  4. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Although the MBAM log above doesn't show it, I hit the button to remove the file detected and restarted the computer as per MBAM's request to do so.

    Should I run the OTL step now?
  5. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Re-run MBAM so I can see that entry is gone.

    Then go with OTL.
  6. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Here is the log from re-running MBAM. I am surpirised at how quickly MBAM runs the scan now. It was taking 15 minutes or more before I sought your assistance. Now it is a shade over 4 minutes to complete.


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.29.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    OEM :: OEM-D6C1D17F45D [administrator]

    12/30/2011 9:12:21 AM
    mbam-log-2011-12-30 (09-12-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 157024
    Time elapsed: 4 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  7. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Here is the OTL file ... I didn't get a second file named Etras.txt? I followed your steps to the letter as outlined above.


    OTL logfile created on: 12/30/2011 9:32:29 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\OEM\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.89% Memory free
    3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.66% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 2.71 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
    Drive D: | 37.26 Gb Total Space | 0.56 Gb Free Space | 1.51% Space Free | Partition Type: NTFS
    Drive E: | 37.26 Gb Total Space | 0.41 Gb Free Space | 1.09% Space Free | Partition Type: NTFS

    Computer Name: OEM-D6C1D17F45D | User Name: OEM | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/30 09:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Desktop\OTL.exe
    PRC - [2011/12/29 12:56:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2011/12/29 12:49:07 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2011/12/12 07:02:03 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/11/15 12:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/02/26 16:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2001/10/05 18:00:00 | 000,377,856 | ---- | M] (ITeX INC.) -- C:\WINDOWS\system32\mapiicon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/12 08:28:49 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
    MOD - [2011/12/12 07:02:26 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
    MOD - [2011/12/12 07:02:22 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
    MOD - [2011/12/12 06:55:23 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
    MOD - [2011/12/11 13:00:30 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    MOD - [2011/12/11 12:58:36 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
    MOD - [2011/12/11 12:45:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011/12/11 12:45:24 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    MOD - [2011/12/11 12:44:31 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    MOD - [2011/12/11 12:39:41 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/12/11 12:39:15 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
    MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
    MOD - [2011/12/02 07:49:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
    MOD - [2011/11/30 08:15:56 | 000,086,696 | ---- | M] () -- C:\Program Files\adawaretb\adawareDx.dll
    MOD - [2011/11/01 09:28:02 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/02 09:43:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:04 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
    MOD - [2010/11/02 09:43:04 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
    MOD - [2010/11/02 09:43:04 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
    MOD - [2010/11/02 09:43:04 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
    MOD - [2010/11/02 09:43:03 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:03 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:03 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:03 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:03 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:03 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:02 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:02 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2010/11/02 09:43:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3693.42470__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll
    MOD - [2010/11/02 09:43:01 | 001,036,288 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3693.42473__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:43:01 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3693.42472__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2010/11/02 09:42:59 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:59 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:58 | 000,086,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Dashboard\2.0.3693.42562__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Dashboard.dll
    MOD - [2010/11/02 09:42:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Runtime\2.0.3693.42562__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Runtime.dll
    MOD - [2010/11/02 09:42:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2010/11/02 09:42:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2010/11/02 09:42:57 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2010/11/02 09:42:57 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2010/11/02 09:42:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2010/11/02 09:42:57 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
    MOD - [2010/11/02 09:42:56 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2010/11/02 09:42:56 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2010/11/02 09:42:56 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2010/11/02 09:42:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2010/11/02 09:42:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2010/11/02 09:42:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2010/11/02 09:42:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2010/11/02 09:42:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2010/11/02 09:42:56 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2010/11/02 09:42:56 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2010/11/02 09:42:56 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2010/11/02 09:42:55 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2010/11/02 09:42:55 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2010/11/02 09:42:55 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2010/11/02 09:42:55 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2010/11/02 09:42:55 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2010/11/02 09:42:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2010/11/02 09:42:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2010/11/02 09:42:54 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2010/11/02 09:42:54 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
    MOD - [2010/11/02 09:42:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
    MOD - [2010/11/02 09:42:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2010/11/02 09:42:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/11/24 13:36:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (SpyHunter 4 Service)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/12/29 12:56:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2011/12/29 12:49:07 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2011/03/31 17:59:36 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
    DRV - [2010/07/09 14:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
    DRV - [2009/09/17 18:45:27 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
    DRV - [2008/08/21 17:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/04/14 05:51:44 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 22:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2006/04/20 15:20:22 | 000,019,456 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
    DRV - [2006/04/20 14:50:34 | 000,059,776 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
    DRV - [2006/04/20 14:49:26 | 000,009,600 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
    DRV - [2004/03/19 20:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/07/18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/06/09 03:44:32 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2003/06/09 03:44:22 | 000,494,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2003/06/09 03:42:28 | 000,819,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2003/02/21 19:28:22 | 000,205,220 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\OEM\Desktop\hVC Alpha 2\hvwindr.sys -- (HVWINDR.SYS)
    DRV - [2001/10/05 18:00:00 | 000,432,640 | ---- | M] (ITeX) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBCIwana.sys -- (itexadsla2)
    DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
    DRV - [2000/07/24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    IE - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\OEM\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\OEM\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\OEM\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/12/29 12:58:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [ADSL_A2] A2Installed File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe (ITeX INC.)
    O4 - Startup: C:\Documents and Settings\OEM\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3843734048-2396963864-1074853062-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267652763921 (WUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D60D6B9F-6E55-4AC7-803F-BB70AD7BCE1F}: NameServer = 202.27.158.40 202.27.156.72
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/09 15:08:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/30 07:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data\Malwarebytes
    [2011/12/30 07:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/30 07:33:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/30 07:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/30 07:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/30 07:31:25 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/29 17:34:29 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\OEM\Desktop\mbam-clean.exe
    [2011/12/29 16:52:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/12/29 16:33:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/29 10:41:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/29 10:41:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/29 10:41:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/29 10:41:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/29 10:41:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/29 10:40:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/29 10:34:59 | 004,354,974 | R--- | C] (Swearware) -- C:\Documents and Settings\OEM\Desktop\ComboFix.exe
    [2011/12/28 18:15:27 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OEM\Desktop\tdsskiller.exe
    [2011/12/28 17:31:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\OEM\Start Menu\Programs\Administrative Tools
    [2011/12/28 17:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Desktop\New Folder
    [2011/12/28 17:03:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\OEM\Desktop\dds.scr
    [2011/12/28 15:00:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/12/28 03:49:46 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/12/18 14:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Start Menu\Programs\SpyHunter
    [2011/12/18 14:23:31 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2011/12/18 14:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2011/12/18 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2011/12/18 14:15:15 | 000,706,976 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\OEM\Desktop\SpyHunter-Installer.exe
    [2011/12/18 11:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/12/18 11:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/12/18 08:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data\MediaWmplay
    [2011/12/12 10:38:44 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/12 09:55:13 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/12/12 06:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Local Settings\Application Data\adaware
    [2011/12/12 06:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2011/12/12 06:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
    [2011/12/12 06:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data\adawaretb
    [2011/12/12 06:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
    [2011/12/12 06:54:52 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2011/12/12 06:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/12/12 06:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========
  8. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    ========== Files - Modified Within 30 Days ==========

    [2011/12/30 09:37:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/12/30 09:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Desktop\OTL.exe
    [2011/12/30 08:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/30 08:57:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/30 07:51:19 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/12/30 07:51:00 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2011/12/30 07:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/30 07:33:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/30 07:31:25 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/29 17:34:29 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\OEM\Desktop\mbam-clean.exe
    [2011/12/29 16:33:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/29 12:58:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/29 12:32:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/12/29 12:32:29 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/12/29 10:29:34 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\OEM\Desktop\ComboFix.exe
    [2011/12/29 07:53:40 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\RKUnhookerLE.EXE
    [2011/12/28 18:09:00 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OEM\Desktop\tdsskiller.exe
    [2011/12/28 17:53:32 | 000,455,503 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\DummyCreator.zip
    [2011/12/28 16:57:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\OEM\Desktop\dds.scr
    [2011/12/28 16:55:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\gzgn8iqy.exe
    [2011/12/28 15:03:01 | 000,502,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/28 15:03:01 | 000,088,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/28 15:00:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/28 15:00:15 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/28 14:57:42 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/12/28 14:52:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/12/28 14:52:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/28 14:52:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/28 14:52:05 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2011/12/28 14:48:35 | 000,023,376 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/12/28 14:46:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/28 14:40:53 | 000,001,398 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ ADSL PCI NIC.lnk
    [2011/12/28 14:40:39 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ADSL Diagnostic Tools.LNK
    [2011/12/26 08:45:04 | 000,562,929 | ---- | M] () -- C:\WINDOWS\setupapi.old
    [2011/12/18 14:23:45 | 000,001,969 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\SpyHunter.lnk
    [2011/12/18 14:15:15 | 000,706,976 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\OEM\Desktop\SpyHunter-Installer.exe
    [2011/12/18 13:01:40 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
    [2011/12/18 12:51:42 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\WinPrefetchView.cfg
    [2011/12/18 11:13:19 | 000,506,880 | ---- | M] () -- C:\Documents and Settings\OEM\My Documents\Ramones.pub
    [2011/12/14 17:17:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/12/14 17:17:12 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\OEM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/14 16:12:35 | 000,044,504 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\winprefetchview.zip
    [2011/12/12 10:38:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/12 07:02:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/12/12 07:02:29 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/12/12 06:52:41 | 012,406,784 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\Ad-Aware96Install.msi
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/30 07:33:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/29 16:33:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/12/29 16:33:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/29 10:41:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/29 10:41:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/29 10:41:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/29 10:41:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/29 10:41:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/29 08:03:57 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\RKUnhookerLE.EXE
    [2011/12/28 18:00:32 | 000,455,503 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\DummyCreator.zip
    [2011/12/28 17:03:33 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\gzgn8iqy.exe
    [2011/12/28 14:40:39 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ADSL Diagnostic Tools.LNK
    [2011/12/28 14:35:38 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2011/12/28 14:35:38 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2011/12/28 14:35:38 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2011/12/28 14:35:38 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2011/12/28 14:35:37 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
    [2011/12/28 14:35:37 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2011/12/28 14:35:37 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2011/12/28 14:35:37 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2011/12/28 14:35:37 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2011/12/28 14:35:37 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2011/12/28 14:35:37 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2011/12/28 14:35:37 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2011/12/28 14:35:37 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2011/12/28 14:35:37 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2011/12/28 14:35:37 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2011/12/28 14:35:37 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2011/12/28 14:35:36 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2011/12/28 14:35:36 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2011/12/18 14:23:45 | 000,001,969 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\SpyHunter.lnk
    [2011/12/18 11:13:18 | 000,506,880 | ---- | C] () -- C:\Documents and Settings\OEM\My Documents\Ramones.pub
    [2011/12/18 08:31:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/12/18 08:31:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/12/14 17:07:22 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\WinPrefetchView.cfg
    [2011/12/14 16:12:34 | 000,044,504 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\winprefetchview.zip
    [2011/12/12 10:22:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/12/12 06:52:40 | 012,406,784 | ---- | C] () -- C:\Documents and Settings\OEM\Desktop\Ad-Aware96Install.msi
    [2011/08/25 19:09:34 | 000,233,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/04/28 18:17:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Application Data\Databases.db
    [2010/10/27 17:43:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
    [2010/10/25 07:54:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2010/10/25 07:54:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2010/10/24 15:51:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/07/19 10:02:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\captureur.ini
    [2010/03/22 08:37:12 | 001,072,989 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2010/03/22 08:37:12 | 000,002,474 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2009/09/16 17:20:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\mywebhit.ini
    [2009/08/01 14:09:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Dvbpws.dll
    [2009/04/20 11:03:52 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
    [2009/04/20 11:03:43 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/04/20 11:03:28 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\bd2040.dat
    [2009/04/18 10:31:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
    [2009/04/18 10:31:01 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
    [2009/04/18 10:31:01 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
    [2009/04/18 10:31:01 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2009/04/18 10:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/04/18 10:30:59 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
    [2009/04/18 10:23:47 | 000,000,241 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2009/02/06 12:03:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/02/06 11:56:43 | 000,251,970 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2009/02/06 11:56:43 | 000,189,490 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2009/02/06 11:56:43 | 000,114,972 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
    [2009/02/06 11:56:43 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/11/15 11:44:01 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/10 10:48:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2008/10/10 06:12:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2008/10/10 06:06:39 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/10/10 06:06:27 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2008/10/10 06:06:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2008/10/10 06:06:25 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2008/10/10 06:06:25 | 000,174,818 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2008/10/10 03:23:08 | 000,000,791 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/09 15:12:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/10/09 15:03:58 | 000,023,376 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/10/09 07:55:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/10/09 07:54:01 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/08/06 10:14:13 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
    [2008/04/14 18:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/01/15 01:06:21 | 000,202,240 | R--- | C] () -- C:\WINDOWS\System32\UnInst.exe
    [2004/01/15 01:06:20 | 000,211,456 | R--- | C] () -- C:\WINDOWS\System32\DllMapi8.exe
    [2004/01/15 01:06:20 | 000,151,040 | R--- | C] () -- C:\WINDOWS\System32\DllMapi6.exe
    [2004/01/15 01:06:20 | 000,147,968 | R--- | C] () -- C:\WINDOWS\System32\DllMapi7.exe
    [2004/01/15 01:06:20 | 000,133,632 | R--- | C] () -- C:\WINDOWS\System32\dllmapi2.exe
    [2004/01/15 01:06:20 | 000,002,430 | ---- | C] () -- C:\WINDOWS\System32\AdslCfg.ini
    [2001/08/24 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/24 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/24 01:00:00 | 000,502,534 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/24 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/24 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/24 01:00:00 | 000,088,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/24 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/24 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/24 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/24 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/12/12 06:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2009/01/08 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2011/12/29 17:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\adawaretb
    [2011/12/17 09:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\MailWasherPro
    [2011/12/18 10:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\MediaWmplay
    [2011/11/22 08:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\METAbolt
    [2011/01/28 10:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\Opera
    [2011/10/27 14:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\SecondLife
    [2011/10/24 12:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Application Data\T-App
    [2011/12/30 07:51:19 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/12/30 07:50:49 | 000,014,561 | ---- | M] () -- C:\aaw7boot.log
    [2008/10/09 15:08:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/12/28 14:46:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/29 16:33:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/29 16:52:43 | 000,013,284 | ---- | M] () -- C:\ComboFix.txt
    [2008/10/09 15:08:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/10/09 15:08:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/10/09 15:08:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/09/17 18:30:27 | 000,000,116 | ---- | M] () -- C:\myDelm.bat
    [2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/28 04:10:42 | 000,054,762 | ---- | M] () -- C:\OTL.Txt
    [2011/12/30 07:50:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/28 18:19:45 | 000,051,138 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_28.12.2011_18.15.52_log.txt
    [2011/10/24 15:04:41 | 000,000,139 | ---- | M] () -- C:\test.ini
    [2009/08/05 11:40:04 | 000,000,024 | ---- | M] () -- C:\url_history.xml

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/12/28 14:51:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/07 01:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 23:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/12/29 03:33:12 | 003,932,160 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2011/12/28 13:02:40 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
    [2011/12/29 03:33:12 | 032,243,712 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2011/12/29 03:33:12 | 005,242,880 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/12/28 14:52:32 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/10/09 15:16:49 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\OEM\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/10/09 15:16:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\OEM\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/13 12:20:46 | 023,454,528 | ---- | M] ( ) -- C:\Documents and Settings\OEM\Desktop\AdbeRdr812_en_US.exe
    [2011/12/29 10:29:34 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\OEM\Desktop\ComboFix.exe
    [2011/10/01 10:58:11 | 001,552,078 | ---- | M] (Toshiyuki Masui ) -- C:\Documents and Settings\OEM\Desktop\Gyazo-1.0.exe
    [2011/12/28 16:55:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\gzgn8iqy.exe
    [2011/12/29 17:34:29 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\OEM\Desktop\mbam-clean.exe
    [2011/12/12 10:38:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/30 07:31:25 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\OEM\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/30 09:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Desktop\OTL.exe
    [2011/12/29 07:53:40 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\OEM\Desktop\RKUnhookerLE.EXE
    [2011/12/18 14:15:15 | 000,706,976 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\OEM\Desktop\SpyHunter-Installer.exe
    [2011/12/28 18:09:00 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OEM\Desktop\tdsskiller.exe
    [2010/09/01 23:17:02 | 000,043,520 | ---- | M] (NirSoft) -- C:\Documents and Settings\OEM\Desktop\WinPrefetchView.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/10/09 15:16:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\OEM\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/30 09:31:06 | 000,622,592 | ---- | M] () -- C:\Documents and Settings\OEM\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/02 23:37:24 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 19:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/03 03:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 19:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/15 01:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/08/24 01:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2001/08/24 01:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2001/08/24 01:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 19:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 19:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  9. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Go on.......
  10. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Go on, you've lost me?
  11. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    I didn't see your message about missing Extras.
    That's fine.

    OTL log looks perfectly clean.

    Any current issues?

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  12. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    SpyHunter
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    ``````````End of Log````````````
  13. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  14. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Do you have a recommendation from the three you listed for AV?

    I'm still running the ESET scan, will post the log or let you know if there was no log when it's completed.

    :)
  15. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    All three are equally good :)
  16. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Here are the results from the ESET scan ...

    C:\Qoobox\Quarantine\C\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe.vir Win32/Patched.HN trojan cleaned - quarantined
    C:\Qoobox\Quarantine\C\Program Files\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE.vir Win32/Patched.HN trojan cleaned - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Lavasoft\Ad-Aware\AAWService.exe.vir Win32/Patched.HN trojan cleaned - quarantined
    C:\System Volume Information\_restore{CE3D79E4-2AA4-4588-BE0C-9958863083E8}\RP1\A0000006.sys Win32/Patched.NBE trojan deleted - quarantined
    C:\System Volume Information\_restore{CE3D79E4-2AA4-4588-BE0C-9958863083E8}\RP1\A0000011.sys Win32/Patched.NBE trojan deleted - quarantined
    C:\System Volume Information\_restore{CE3D79E4-2AA4-4588-BE0C-9958863083E8}\RP1\A0000024.sys Win32/Patched.NBE trojan deleted - quarantined
    C:\System Volume Information\_restore{CE3D79E4-2AA4-4588-BE0C-9958863083E8}\RP1\A0001024.sys Win32/Patched.NBE trojan deleted - quarantined
    C:\System Volume Information\_restore{CE3D79E4-2AA4-4588-BE0C-9958863083E8}\RP1\A0001074.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\System Volume Information\_restore{CE3D79E4-2AA4-4588-BE0C-9958863083E8}\RP1\A0001075.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\System Volume Information\_restore{CE3D79E4-2AA4-4588-BE0C-9958863083E8}\RP1\A0001076.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\B_95503\ati2evxx.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\_OTL\MovedFiles\12272011_094946\C_Documents and Settings\OEM\Application Data\Afipat\piuguvi.exe a variant of Win32/Kryptik.WMS trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12272011_094946\C_Documents and Settings\OEM\Local Settings\Application Data\8e6ecde6\X a variant of Win32/Kryptik.XPH trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12272011_094946\C_Documents and Settings\OEM\Local Settings\Application Data\8e6ecde6\U\80000000.@ a variant of Win32/Sirefef.DV trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12272011_094946\C_Documents and Settings\OEM\Local Settings\Application Data\8e6ecde6\U\800000cb.@ a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12272011_094946\C_Documents and Settings\OEM\Local Settings\Application Data\8e6ecde6\U\800000cf.@ a variant of Win32/Sirefef.DV trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12272011_094946\C_WINDOWS\system32\c_23141.nl_ a variant of Win32/Sirefef.CR trojan cleaned by deleting - quarantined
    E:\Old Hard Disk\F\LAST DESKTOP FOLDER OF STUFF\My Documents\Software Updates\icur484.exe Win32/Adware.Aureate application deleted - quarantined
    E:\Old Hard Disk\F\LAST DESKTOP FOLDER OF STUFF\New Folder\rpGDB_FAT2_00_kg.rar probably a variant of Win32/Agent.JOYOBNO trojan deleted - quarantined
  17. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  18. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Okay, my Windows Updates are not current I think, due to having to run that Windows Repair step earlier. Should I get that up to date first before running any of the other steps?
  19. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Follow the exact order.
    Updates as a step #3.
  20. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Okay, will do :)
  21. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: OEM
    ->Temp folder emptied: 395934 bytes
    ->Temporary Internet Files folder emptied: 2515521 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: OEM
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 12302011_174544

    Files\Folders moved on Reboot...
    C:\Documents and Settings\OEM\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\si[1].htm moved successfully.
    C:\Documents and Settings\OEM\Local Settings\Temporary Internet Files\Content.IE5\IJ2LANUP\topic175185-4[1].html moved successfully.
    C:\Documents and Settings\OEM\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\CAURGNJG.php%3Fp%3D1123146%26posted%3D1&fu=0&ifi=1&dtd=62 moved successfully.

    Registry entries deleted on Reboot...
  22. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Whenever ready....
  23. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    Hi Broni, I will be sure to let you know, I'm only at Step 3 so far :)
  24. wisconsin

    wisconsin Newcomer, in training Topic Starter Posts: 45

    I should add I've only been switching on this machine to run your instructions for the past week, and only to come to this website, so its usage has been very limited over that time. Based on that "experience" so far, it seems to be running just fine but I will feel more confident once I have completed all of the last steps and used the machine for a few days.
  25. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Way to go!! [​IMG]
    Good luck and stay safe :)

    Let me know if something comes up.

    [​IMG]


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.