Solved Recovering after severe virus attack - is it really gone?


AustinSchnitzel
You fellows have helped me out of a major bind in the past, and here I am again in dire straits and without a clue.

Earlier today I was checking out an innocuous corner of the internet, a website I had visited several times in the past with no issues. This time, however, it hit me with a bluescreen out of nowhere. Upon restarting, I saw the HP loading screen, but before the Windows loading bar faded in, four words appeared in the upper left corner of the screen:

Operating system not found.

Freaking out, I turned it off and on again. It booted fine and I was able to log in. Everything seemed normal for about five minutes. Then I noticed a program I had double-clicked on wasn't running. I opened up a random folder from the desktop and got a blank Explorer window. I double-clicked a Notepad file. Nothing happened. I opened My Computer from the Start Menu. The usual sidebar on the left was missing... as was the C drive.

At this point my heart sunk in my chest, and something... further down... felt like it retracted fully to hide beside my pancreas. I'll spare y'all the details, but after a system restore point, many reboots, diagnostics, Safe Mode tinkering and backing up all personal files and folders to an external hard drive, I want to know what I can do to ensure that whatever hit me is completely gone... before it slams me again the next time I boot up.

Currently I cannot run Avast or Windows Defender unless in Safe Mode. Before just now, I was not able to load past the Welcome screen under normal conditions, nor access the login screen at all while booting in Safe Mode. After a few reboots in relatively quick succession, CHKDSK ran automatically. I don't know how it helped, but here I am. Apart from lack of an active firewall or virus/malware scanner, everything seems to be running stable. But like they say, just because you're not paranoid doesn't mean they're not out to get you...

I apologize for the overly long/dramatic story, but I'm not so good at explaining things like this in purely technical terms. Probably because this laptop is more than just a machine to me. (Preaching to the choir, right?) I'm just wondering where I can go from here. If I have to restore to Factory Condition, that's fine - I'm not in danger of losing any data. But if I can take care of it without shelling out a C-note to the local PC repair shop, even better.

(I'm not sure if this situation calls for a HijackThis log, but I've attached one. It's been a while since I visited this forum, I just remember that when the professional helpers dropped in, it was the first thing they asked of everyone with a boot-related issue.)
 

Attachments

  • hijackthis.log (7.7 KB)
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Salutations Broni, glad to have you drop in.

You know how they say someone shouldn't fall asleep if they're suffering a severe concussion? That's pretty much the situation with my laptop. Every time I reboot, it becomes harder to log in. So far, I've waited for over ten minutes at the Welcome screen to no response. Sometimes it fades to black but the desktop never fully loads. There must be something lurking with my startup processes, or otherwise heavily interfering with Avast and Defender.

I've borrowed my dad's Netbook to post here, and plan to continue the 8-step diagnostic by downloading the diagnostic programs onto my flash drive and running them while my laptop is in Safe Mode (no networking). I don't understand how Safe Mode can load properly one minute and not the next. My best guess is that the CHKDSK utility, slow as it is, is the only thing standing between me and total annihilation.
 
MBAM says it found nothing out of the ordinary. GMER gives me a bluescreen partway through the scan:
uwdcyfow.sys
PAGE_FAULT_IN_NONPAGED_AREA


I guess I'll try scanning one section at a time, then updating the text log. Through process of elimination I'll figure out which section of the scan is having issues.
 
Logs

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037

1/22/2011 10:42:58 AM
mbam-log-2011-01-22 (10-42-58).txt

Scan type: Quick scan
Objects scanned: 149508
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nicholas at 11:42:40.67 on Sat 01/22/2011
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1336 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON\DTLite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nicholas\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://bash.org/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon\DTLite.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nicholas\appdata\roaming\mozilla\firefox\profiles\twc1oc5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://bash.org/
FF - component: c:\users\nicholas\appdata\roaming\mozilla\firefox\profiles\twc1oc5v.default\extensions\afom@idevfh\components\npAFOM.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\nicholas\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\nicholas\documents\sparkplay media\sparkplayer (beta)\npSparkPlayerNS.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: AFOM Addon: afom@idevfh - %profile%\extensions\afom@idevfh
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-6-20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-20 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-11-12 53328]
S3 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-21 40384]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-6-18 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-22 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-5-6 15656]
S4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-5-6 2789672]

=============== Created Last 30 ================

2011-01-22 15:39:05 -------- d-----w- c:\users\nicholas\appdata\roaming\Malwarebytes
2011-01-22 15:38:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 15:38:58 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-22 15:38:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-22 15:38:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-21 22:47:01 38848 ----a-w- c:\windows\avastSS.scr
2011-01-21 21:50:47 -------- d-----w- c:\progra~2\NTIReg
2011-01-21 20:27:15 15360 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2011-01-21 20:27:13 14336 ----a-w- c:\windows\system32\drivers\UBHelper.sys
2011-01-21 20:26:44 -------- d-----w- c:\windows\system32\drivers\nti\Xp_x86
2011-01-21 20:26:44 -------- d-----w- c:\windows\system32\drivers\nti\w2k_x86
2011-01-21 20:26:44 -------- d-----w- c:\windows\system32\drivers\nti\Vista_x86
2011-01-21 20:26:44 -------- d-----w- c:\windows\system32\drivers\nti\Vista_ia64
2011-01-21 20:26:44 -------- d-----w- c:\windows\system32\drivers\nti\Vista_amd64
2011-01-21 20:26:44 -------- d-----w- c:\windows\system32\drivers\nti\2003_x86
2011-01-21 20:26:44 -------- d-----w- c:\windows\system32\drivers\nti\2003_ia64
2011-01-21 20:26:44 -------- d-----w- c:\windows\system32\drivers\nti\2003_amd64
2011-01-21 20:26:24 -------- d-----w- c:\windows\system32\drivers\nti
2011-01-21 20:26:24 -------- d-----w- c:\program files\NewTech Infosystems
2011-01-21 03:45:19 -------- d-----w- c:\program files\Virtual Audio Cable
2011-01-21 03:36:46 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc50EB.tmp
2011-01-20 16:39:11 -------- d-----w- c:\progra~2\Alwil Software
2011-01-19 19:23:34 -------- d-----w- c:\program files\Comcast
2011-01-19 19:18:59 -------- d-----w- c:\users\nicholas\appdata\local\SupportSoft
2011-01-19 19:18:11 -------- d-----w- c:\program files\common files\SupportSoft
2011-01-19 19:18:11 -------- d-----w- c:\program files\ComcastUI
2011-01-10 00:19:37 -------- d-----w- c:\users\nicholas\appdata\roaming\WindSolutions
2011-01-10 00:19:02 -------- d-----w- c:\progra~2\WindSolutions

==================== Find3M ====================

2010-10-27 04:23:51 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 11:43:33.48 ===============
 
GMER Log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-22 11:37:52
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DK02
Running: bstmr8df.exe; Driver: C:\Users\Nicholas\AppData\Local\Temp\uwdcyfow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E1A1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [82370360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 84E1A1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E1A1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82370360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\am98byxt \Device\Scsi\am98byxt1 868201F8
Device \Driver\am98byxt \Device\Scsi\am98byxt1Port4Path0Target0Lun0 868201F8
Device \FileSystem\Ntfs \Ntfs 84E1B1F8
Device \FileSystem\fastfat \Fat 8F841500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-22 11:29:19
Windows 6.0.6000
Running: bstmr8df.exe; Driver: C:\Users\Nicholas\AppData\Local\Temp\uwdcyfow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x8E35014C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8E35008C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x8E3500F0]

INT 0x51 ? 8682BF00
INT 0x52 ? 8682BF00
INT 0x72 ? 8682BF00
INT 0x72 ? 8682BF00
INT 0x82 ? 84E19BF8
INT 0x92 ? 8405EBF8
INT 0xA2 ? 8405EBF8
INT 0xB3 ? 8682BF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spxg.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8C275C57 5 Bytes JMP 8682B4E0
.text ap313eqr.SYS 8CF89000 22 Bytes [1A, 72, 7A, 82, 04, 71, 7A, ...]
.text ap313eqr.SYS 8CF89017 95 Bytes [00, 99, 07, 48, 80, A4, 05, ...]
.text ap313eqr.SYS 8CF89077 85 Bytes [82, D6, 2E, 48, 82, 13, 8A, ...]
.text ap313eqr.SYS 8CF890CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text ap313eqr.SYS 8CF890DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8070F6D6] \SystemRoot\System32\Drivers\spyi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8070F042] \SystemRoot\System32\Drivers\spyi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8070F800] \SystemRoot\System32\Drivers\spyi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8070F0C0] \SystemRoot\System32\Drivers\spyi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8070F13E] \SystemRoot\System32\Drivers\spyi.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8071EB90] \SystemRoot\System32\Drivers\spyi.sys
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortWritePortUchar] 838C86EF
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8C86C0
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 8B108910
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 000CF491
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortMoveMemory] 04508900
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortReadPortUshort] 053C7980
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 560C558B
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C6127557
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[468] @ C:\Windows\Explorer.EXE [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Windows\Explorer.EXE[468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00330002
IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00330000
IAT C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1348] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[1532] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe[1652] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00881940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Windows\RtHDVCpl.exe[1736] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1772] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00FE1940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[1864] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00FD1940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1892] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00821940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Program Files\Common Files\SupportSoft\bin\bcont.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Users\Nicholas\Desktop\bstmr8df.exe[2604] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Windows\system32\taskeng.exe[2884] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Windows\System32\mobsync.exe[3016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Windows\system32\SearchProtocolHost.exe[3452] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6816D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[3452] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6816D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[3452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6816D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[3452] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [6816D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x32 0xF6 0x9F 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0xDE 0xA0 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0xCE 0x7D 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x32 0xF6 0x9F 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0xDE 0xA0 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0xCE 0x7D 0x1C ...

---- EOF - GMER 1.0.15 ----
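Reading a GMER log by hand is mostly a matter of asking, for every hook, "which module does this point at, and did GMER manage to identify it?" The example below is an added illustration for this thread, not GMER's code and not one of the tools the helper asked for. It parses SSDT and IAT lines in the format shown in the log above and sorts each hook into three tiers: hooks where GMER printed a vendor description, hooks where only a driver path was resolved, and hooks that resolve to nothing but a raw value. The sample lines are constructed to mirror the posted log; the addresses in them are illustrative.

```python
"""Group the hooks in a GMER rootkit-scan log by the module they point at.

Added illustration for this thread; not GMER's code. The sample below is a
constructed excerpt shaped like the log posted above."""
import re
from collections import Counter

# Constructed sample, modelled on the SSDT / kernel IAT / user IAT sections.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8E35008C]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8070F042] \SystemRoot\System32\Drivers\spyi.sys
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\am98byxt.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON\Engine.dll (Helper library/DT Soft Ltd)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[468] @ C:\Windows\Explorer.EXE [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00330000
"""

# The imported symbol is the one bracketed group that contains "module!function".
IMPORT_RE = re.compile(r"\[(?P<symbol>[^\[\]]+![^\[\]]+)\]")
# After the symbol: "[address] owner-path (optional description)".
TARGET_RE = re.compile(r"^\[(?P<addr>[0-9A-Fa-fx]+)\]\s+(?P<owner>.+?)(?:\s+\((?P<desc>[^()]*)\))?$")
# SSDT lines: "SSDT owner-path (description) ZwFunction [0xaddress]".
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>\S+)\s+\((?P<desc>[^()]*)\)\s+(?P<symbol>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")


def parse_hooks(text):
    """Return one dict per SSDT/IAT hook line; owner is None when GMER resolved no module."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SSDT "):
            m = SSDT_RE.match(line)
            if m:
                hooks.append({"kind": "SSDT", "victim": "SSDT", "symbol": m["symbol"],
                              "addr": m["addr"], "owner": m["owner"], "desc": m["desc"]})
        elif line.startswith("IAT "):
            m = IMPORT_RE.search(line)
            if not m:
                continue
            victim = line[4:m.start()].strip()      # process/driver whose import table is patched
            rest = line[m.end():].strip()            # where the patched entry now points
            t = TARGET_RE.match(rest)
            if t:
                hooks.append({"kind": "IAT", "victim": victim, "symbol": m["symbol"],
                              "addr": t["addr"], "owner": t["owner"], "desc": t["desc"]})
            else:  # bare value, no module behind it: exactly the lines worth a second look
                hooks.append({"kind": "IAT", "victim": victim, "symbol": m["symbol"],
                              "addr": rest, "owner": None, "desc": None})
    return hooks


def tier(hook):
    """'described' (vendor string printed), 'path-only', or 'unattributed'."""
    if hook["owner"] is None:
        return "unattributed"
    return "described" if hook["desc"] else "path-only"


def triage(text):
    """Bucket every hook by tier; review unattributed and path-only entries first."""
    buckets = {"unattributed": [], "path-only": [], "described": []}
    for h in parse_hooks(text):
        buckets[tier(h)].append(h)
    return buckets


def owner_counts(hooks):
    """How many hooks each owning module (by file name) accounts for."""
    return Counter((h["owner"] or "<none>").rsplit("\\", 1)[-1].lower() for h in hooks)


if __name__ == "__main__":
    buckets = triage(SAMPLE_LOG)
    for name in ("unattributed", "path-only", "described"):
        print(f"== {name} ({len(buckets[name])}) ==")
        for h in buckets[name]:
            print(f"  {h['kind']:4} {h['symbol']:45} -> {h['owner'] or h['addr']}")
    print(owner_counts(parse_hooks(SAMPLE_LOG)))
```

Run on the full log above, the same grouping puts avast's aswSP.SYS and NTI's Pehook.dll in the described tier, the sp??.sys drivers behind the atapi.sys imports in the path-only tier, and the am98byxt and services.exe entries with raw values in the unattributed tier, which is the order a helper works through them.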
 
Attach.txt part of DDS is missing.
Please, post it.

Then....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
The DDS log is attached, though I don't know how the txt file could hold more than what I copied and pasted.

MBRCheck Log:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6500 Notebook PC
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 164):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8070D000 \SystemRoot\System32\Drivers\spji.sys
0x80204000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8047E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8043B000 \SystemRoot\system32\drivers\acpi.sys
0x80433000 \SystemRoot\system32\drivers\msisadrv.sys
0x80424000 \SystemRoot\system32\drivers\volmgr.sys
0x806E8000 \SystemRoot\system32\drivers\pci.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040A000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\DRIVERS\pciide.sys
0x806DA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80690000 \SystemRoot\System32\drivers\volmgrx.sys
0x82326000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x80688000 \SystemRoot\system32\drivers\atapi.sys
0x8066A000 \SystemRoot\system32\drivers\ataport.SYS
0x80639000 \SystemRoot\system32\drivers\fltmgr.sys
0x80629000 \SystemRoot\system32\drivers\fileinfo.sys
0x80620000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82222000 \SystemRoot\system32\drivers\ndis.sys
0x881D5000 \SystemRoot\system32\drivers\msrpc.sys
0x8819C000 \SystemRoot\system32\drivers\NETIO.SYS
0x88094000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8802A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x883CA000 \SystemRoot\system32\drivers\volsnap.sys
0x80618000 \SystemRoot\System32\Drivers\spldr.sys
0x80609000 \SystemRoot\System32\drivers\partmgr.sys
0x82213000 \SystemRoot\System32\Drivers\mup.sys
0x88005000 \SystemRoot\System32\drivers\ecache.sys
0x82202000 \SystemRoot\system32\drivers\disk.sys
0x883A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80600000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C476000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BD10000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BA40000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8BD19000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C33C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C88F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8905A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D363000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C25D000 \SystemRoot\System32\drivers\watchdog.sys
0x8C481000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C213000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C34A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BC0C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D5D9000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8BDE9000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x88D35000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C358000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C45E000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8913D000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8C44A000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8C83E000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8BDD0000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x88D45000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8BAD3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8BDD6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C48C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C41F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8905C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C497000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BB28000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x8C407000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BB40000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x8C805000 \SystemRoot\System32\Drivers\acvb0obw.SYS
0x89058000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x89040000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x8D338000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D258000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C4A2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D241000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C4AD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D21E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8915B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C200000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8916A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x89052000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D5AF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D298000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C277000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D57B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BD6A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8BB80000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8BB88000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x88D65000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DA56000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D50E000 \SystemRoot\system32\drivers\portcls.sys
0x8D4E9000 \SystemRoot\system32\drivers\drmk.sys
0x8E110000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8C284000 \SystemRoot\system32\drivers\modem.sys
0x8BD73000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BADA000 \SystemRoot\System32\Drivers\Null.SYS
0x8BAE1000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BC51000 \SystemRoot\System32\drivers\vga.sys
0x8D4C8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BB20000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BB30000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C4C3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C366000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BD7C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E03B000 \SystemRoot\System32\drivers\tcpip.sys
0x8D47F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D46A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D2AC000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8D416000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DA0F000 \SystemRoot\system32\drivers\afd.sys
0x8D577000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8E009000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D400000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C374000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8905E000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8E7ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E7B2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D2B6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E79B000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E77A000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C5EE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8C291000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E650000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8C597000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C576000 \SystemRoot\System32\Drivers\usbvideo.sys
0x96800000 \SystemRoot\System32\win32k.sys
0x8D2C0000 \SystemRoot\System32\drivers\Dxapi.sys
0x99600000 \SystemRoot\System32\TSDDD.dll
0x99610000 \SystemRoot\System32\cdd.dll
0x9B1A5000 \SystemRoot\system32\drivers\luafv.sys
0x9B18E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x98C08000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x9C072000 \SystemRoot\system32\drivers\spsys.sys
0x98E10000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9CBA7000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D2D4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9923A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9CB3F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9C01C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9D997000 \SystemRoot\system32\drivers\HTTP.sys
0x9CAE4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D97E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D96A000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D94A000 \SystemRoot\system32\drivers\mrxdav.sys
0x9D8EC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D8B3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D8A1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D87D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D82C000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4EA2000 \SystemRoot\system32\drivers\peauth.sys
0x8D310000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8C4D9000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA94A8000 \??\C:\Users\Nicholas\AppData\Local\Temp\uwdcyfow.sys
0x88DF1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99AE7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x99AD5000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x76E60000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON\Engine.dll

Processes (total 55):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
612 csrss.exe
660 C:\Windows\System32\wininit.exe
672 csrss.exe
704 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
732 C:\Windows\System32\lsm.exe
764 C:\Windows\System32\winlogon.exe
908 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\nvvsvc.exe
988 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1324 C:\Windows\System32\SLsvc.exe
1352 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\nvvsvc.exe
1516 C:\Windows\System32\svchost.exe
1780 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
576 C:\Windows\System32\dwm.exe
600 C:\Windows\explorer.exe
1688 C:\Program Files\Windows Defender\MSASCui.exe
1420 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1656 C:\Windows\RtHDVCpl.exe
1740 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1244 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2124 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
2132 C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
2140 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2148 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2164 C:\Program Files\Windows Media Player\wmpnscfg.exe
2172 C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
2732 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3012 C:\Windows\System32\svchost.exe
3028 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
3064 C:\Windows\System32\svchost.exe
3092 C:\Windows\System32\svchost.exe
3136 C:\Windows\System32\SearchIndexer.exe
3532 C:\Windows\System32\taskeng.exe
3632 C:\Program Files\Windows Media Player\wmpnetwk.exe
1468 C:\Windows\System32\wbem\unsecapp.exe
3920 WmiPrvSE.exe
1236 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
4136 C:\Windows\System32\wuauclt.exe
568 WUDFHost.exe
2984 C:\Windows\System32\mobsync.exe
5580 C:\Program Files\Mozilla Firefox\firefox.exe
6012 C:\Windows\System32\SearchProtocolHost.exe
5524 C:\Windows\System32\SearchFilterHost.exe
4628 C:\Users\Nicholas\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002c`7cda7c00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2035GSS, Rev: DK020C

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ComboFix log (Thundercats HOOOO!):
ComboFix 11-01-22.01 - Nicholas 01/22/2011 17:56:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.939 [GMT -5:00]
Running from: c:\users\Nicholas\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config.txt

.
((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
.

2011-01-22 23:08 . 2011-01-22 23:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-22 23:08 . 2011-01-22 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-22 18:05 . 2011-01-20 15:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{698EAE1D-4D04-4E59-9A3D-66E15D86981B}\mpengine.dll
2011-01-22 15:39 . 2011-01-22 15:39 -------- d-----w- c:\users\Nicholas\AppData\Roaming\Malwarebytes
2011-01-22 15:38 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 15:38 . 2011-01-22 15:38 -------- d-----w- c:\programdata\Malwarebytes
2011-01-22 15:38 . 2011-01-22 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-22 15:38 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-21 22:47 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-21 21:50 . 2011-01-21 21:50 -------- d-----w- c:\programdata\NTIReg
2011-01-21 20:27 . 2009-05-05 21:46 15360 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2011-01-21 20:27 . 2009-05-05 21:46 14336 ----a-w- c:\windows\system32\drivers\UBHelper.sys
2011-01-21 20:26 . 2011-01-21 20:26 -------- d-----w- c:\windows\system32\drivers\nti
2011-01-21 20:26 . 2011-01-21 20:26 -------- d-----w- c:\program files\NewTech Infosystems
2011-01-21 03:45 . 2011-01-21 03:47 -------- d-----w- c:\program files\Virtual Audio Cable
2011-01-21 03:36 . 2011-01-21 03:36 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc50EB.tmp
2011-01-20 16:39 . 2011-01-20 16:39 -------- d-----w- c:\programdata\Alwil Software
2011-01-19 19:24 . 2011-01-19 19:24 -------- d-----w- c:\programdata\SupportSoft
2011-01-19 19:23 . 2011-01-19 19:23 -------- d-----w- c:\program files\Comcast
2011-01-19 19:18 . 2011-01-20 16:28 -------- d-----w- c:\users\Nicholas\AppData\Local\SupportSoft
2011-01-19 19:18 . 2011-01-19 19:23 -------- d-----w- c:\program files\Common Files\SupportSoft
2011-01-10 00:19 . 2011-01-10 00:19 -------- d-----w- c:\users\Nicholas\AppData\Roaming\WindSolutions
2011-01-10 00:19 . 2011-01-10 00:19 -------- d-----w- c:\programdata\WindSolutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 16:27 . 2010-12-09 16:27 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-27 04:23 . 2010-10-27 04:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON\DTLite.exe" [2009-10-30 369200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2009-09-19 562944]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2006-08-01 20:35 67112 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
2007-01-25 10:00 179200 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIACA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-09-19 22:30 66816 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 00:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-10-03 15:40 13826664 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-10-03 15:40 92776 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-18 21:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-30 23:00 1238352 ----a-w- c:\program files\Games\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3091605995-3638911993-2397923110-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-05 3926520]
R3 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-09-19 45312]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R3 XDva219;XDva219;c:\windows\system32\XDva219.sys [x]
R3 XDva225;XDva225;c:\windows\system32\XDva225.sys [x]
R3 XDva269;XDva269;c:\windows\system32\XDva269.sys [x]
R3 XDva277;XDva277;c:\windows\system32\XDva277.sys [x]
R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
R3 XDva296;XDva296;c:\windows\system32\XDva296.sys [x]
R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-03-26 2789672]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-24 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-24 53328]


--- Other Services/Drivers In Memory ---

*Deregistered* - uwdcyfow

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bash.org/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\twc1oc5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://bash.org/
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: AFOM Addon: afom@idevfh - %profile%\extensions\afom@idevfh
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
MSConfigStartUp-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSConfigStartUp-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
AddRemove-Lugaru_is1 - c:\users\Nicholas\Desktop\Lugaru\unins000.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
AddRemove-StillPond - c:\users\Nicholas\Desktop\StillPond\uninstall.exe
AddRemove-UBCD4Win_is1 - e:\ubcd4win\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 18:08
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3091605995-3638911993-2397923110-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a3,5c,f7,62,50,de,14,bd,7f,ae,20,87,cd,50,e8,5d,96,2f,7b,fa,b0,81,ae,
f1,bf,cc,17,aa,c3,16,58,0d,42,69,b1,c3,52,04,72,e5,38,dd,cb,1e,32,f2,03,bf,\
"??"=hex:79,6a,64,c0,c0,ba,4e,bc,e8,32,57,8c,f2,e0,27,cd

[HKEY_USERS\S-1-5-21-3091605995-3638911993-2397923110-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c1,1c,f7,f1,34,b6,fe,f4,3e,29,4f,b2,a9,f3,38,52,f7,73,28,8f,db,
30,f6,06,21,03,de,15,78,69,1b,f4,29,b6,ec,19,96,27,01,7e,d2,32,22,d2,59,4f,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-22 18:12:55
ComboFix-quarantined-files.txt 2011-01-22 23:12

Pre-Run: 31,771,758,592 bytes free
Post-Run: 31,830,929,408 bytes free

- - End Of File - - 5EBF04E1AF3D768D8BA2FE22300F07E6

Rkill Log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/22/2011 at 18:14:55.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 01/22/2011 at 18:14:59.
 

The DDS log is attached
Read all of my instructions very carefully.
[...]
Attached logs won't be reviewed.

Then, I said:
Attach.txt part of DDS is missing.
Not DDS.txt.

=======================================================================

Found non-standard or infected MBR.
We need to double check your MBR.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
I get it now. The Attach.txt never appeared last time, so I ran DDS again and there it was.

Attach.txt:
DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/29/2007 11:36:09 PM
System Uptime: 1/22/2011 2:12:56 PM (4 hours ago)

Motherboard: Quanta | | 30D2
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U2E1 | 2000/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 29.686 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.803 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is CDROM (CDFS)
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

==== System Restore Points ===================

RP715: 1/9/2011 4:16:22 PM - Scheduled Checkpoint
RP716: 1/13/2011 7:06:10 PM - Windows Update
RP717: 1/16/2011 12:11:32 PM - Scheduled Checkpoint
RP718: 1/17/2011 11:38:00 AM - Scheduled Checkpoint
RP719: 1/19/2011 10:37:09 AM - Scheduled Checkpoint
RP720: 1/19/2011 2:17:49 PM - Installed Comcast Desktop Software (v1.2.0.9)
RP721: 1/20/2011 11:39:18 AM - avast! Free Antivirus Setup
RP722: 1/20/2011 10:45:31 PM - Device Driver Package Install: EuMus Design Sound, video and game controllers
RP724: 1/21/2011 3:24:14 PM - Installed NTI Backup Now EZ
RP725: 1/21/2011 5:44:44 PM - avast! Free Antivirus Setup
RP726: 1/22/2011 1:04:32 PM - Windows Update

==== Installed Programs ======================

µTorrent
300 Arcade Games
7-Zip 4.65
AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8
Adobe Shockwave Player 11
Alex4 v1.1
Amazon MP3 Downloader 1.0.3
AOL Instant Messenger
Apple Application Support
Apple Software Update
AsdaStoy
Audacity 1.2.6
Avanquest update
avast! Free Antivirus
Axialis Professional Screen Saver Producer 3.6
Bandisoft MPEG-1 Decoder
Bonjour Core for Windows
CCleaner
CoffeeCup Flash Form Builder - Registered
CoffeeCup Web Form Builder - Trial
Comcast Desktop Software (v1.2.0.9)
CrazyTalk for Skype
D-Fend Reloaded 0.8.2 (deinstall)
Desktop Doctor
DVD Decrypter (Remove Only)
EA Download Manager
EPSON Printer Software
EPSON Scan
ESU for Microsoft Vista
Frog Hunt v1.0
Game Booster
Goombah Partner COM Server
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Icy Tower v1.4
Intel® Matrix Storage Manager
ips XP 1.11.2600
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6
La Tale
LightScribe 1.4.136.1
Lost Saga
Majesty - Gold Edition
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Motorola Driver Installation
Motorola Phone Tools
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.19)
Mozilla Thunderbird (2.0.0.21)
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Netscape (7.1)
Nexon Game Manager
NTI Backup Now EZ
NVIDIA Drivers
OGPlanet Game Launcher
Oolite 1.73.4.2579
OpenAL
Oregon Trail II
Overlord
Pando Media Booster
Peggle Extreme
Peggle Nights Deluxe
PetWings
Portal
Postal 2
PSSWCORE
PVSonyDll
QuickTime
Ragnarok Battle Offline
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RPG Maker 2000 1.05
RTP for RM2K (Png, Wav, Midi, Fonts)
Rumble Fighter
Safari Photo Africa - Wild Earth Demo
Sam and Max - Season One 1.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 3.8
Sparkplayer (Beta)
SPORE™
Steam
Synaptics Pointing Device Driver
Team Fortress 2
The Battle for Middle-earth (tm) II
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Viewpoint Media Player
Vindictus
Visual C++ 8.0 Runtime Setup Package
VLC media player 1.1.4
Wacom Tablet
WAMP5 1.7.4
Winamp (remove only)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Worms World Party
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
Zip Motion Block Video codec (Remove Only)
Zombiepox v1.1

==== Event Viewer Messages From Past Week ========

1/22/2011 9:52:01 AM, Error: EventLog [6008] - The previous system shutdown at 9:24:17 AM on 1/22/2011 was unexpected.
1/22/2011 9:21:17 AM, Error: EventLog [6008] - The previous system shutdown at 9:19:31 AM on 1/22/2011 was unexpected.
1/22/2011 9:20:47 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
1/22/2011 9:16:31 AM, Error: EventLog [6008] - The previous system shutdown at 9:15:01 AM on 1/22/2011 was unexpected.
1/22/2011 9:11:01 AM, Error: EventLog [6008] - The previous system shutdown at 9:09:26 AM on 1/22/2011 was unexpected.
1/22/2011 9:01:17 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/22/2011 5:56:07 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/22/2011 5:41:32 PM, Error: PlugPlayManager [12] - The device 'HL-DT-ST DVDRAM GSA-T20L ATA Device' (IDE\CdRomHL-DT-ST_DVDRAM_GSA-T20L________________NC08____\5&5b8f77b&0&0.0.0) disappeared from the system without first being prepared for removal.
1/22/2011 11:47:45 AM, Error: EventLog [6008] - The previous system shutdown at 11:44:10 AM on 1/22/2011 was unexpected.
1/22/2011 11:34:10 AM, Error: EventLog [6008] - The previous system shutdown at 11:32:07 AM on 1/22/2011 was unexpected.
1/22/2011 11:23:06 AM, Error: EventLog [6008] - The previous system shutdown at 11:21:10 AM on 1/22/2011 was unexpected.
1/22/2011 11:08:09 AM, Error: EventLog [6008] - The previous system shutdown at 11:05:14 AM on 1/22/2011 was unexpected.
1/22/2011 10:59:14 AM, Error: EventLog [6008] - The previous system shutdown at 10:56:59 AM on 1/22/2011 was unexpected.
1/22/2011 10:04:58 AM, Error: EventLog [6008] - The previous system shutdown at 10:03:01 AM on 1/22/2011 was unexpected.
1/21/2011 9:17:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/21/2011 9:16:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/21/2011 9:16:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/21/2011 9:16:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/21/2011 9:16:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/21/2011 9:16:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/21/2011 9:16:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd Tcpip tdx Wanarpv6
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2011 9:16:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2011 6:04:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
1/21/2011 4:48:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
1/21/2011 4:48:38 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2011 4:47:29 PM, Error: EventLog [6008] - The previous system shutdown at 4:45:47 PM on 1/21/2011 was unexpected.
1/21/2011 2:44:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001B7794DFDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/21/2011 2:44:38 PM, Error: EventLog [6008] - The previous system shutdown at 2:39:54 PM on 1/21/2011 was unexpected.
1/19/2011 2:24:01 PM, Error: Service Control Manager [7030] - The SupportSoft Sprocket Service (ddoctorv2) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/19/2011 2:12:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001B7794DFDE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/18/2011 7:16:22 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.134. The computer with the IP address 192.168.1.107 did not allow the name to be claimed by this computer.
1/18/2011 4:31:20 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B7794DFDE. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/17/2011 9:37:44 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/17/2011 3:49:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SGTRACER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDEC8878-63C5-4B73-B758-3E567F. The master browser is stopping or an election is being forced.
1/17/2011 3:35:56 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.134. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
1/15/2011 9:35:12 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B7794DFDE. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================

Remover log:
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition (build 6000), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Thanks :)

We need to fix your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
 
New MBR Log:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6500 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 159):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8070D000 \SystemRoot\System32\Drivers\spcu.sys
0x80204000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8047E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8043B000 \SystemRoot\system32\drivers\acpi.sys
0x80433000 \SystemRoot\system32\drivers\msisadrv.sys
0x80424000 \SystemRoot\system32\drivers\volmgr.sys
0x806E8000 \SystemRoot\system32\drivers\pci.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040A000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\DRIVERS\pciide.sys
0x806DA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80690000 \SystemRoot\System32\drivers\volmgrx.sys
0x82326000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x80688000 \SystemRoot\system32\drivers\atapi.sys
0x8066A000 \SystemRoot\system32\drivers\ataport.SYS
0x80639000 \SystemRoot\system32\drivers\fltmgr.sys
0x80629000 \SystemRoot\system32\drivers\fileinfo.sys
0x80620000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82222000 \SystemRoot\system32\drivers\ndis.sys
0x881D5000 \SystemRoot\system32\drivers\msrpc.sys
0x8819C000 \SystemRoot\system32\drivers\NETIO.SYS
0x88094000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8802A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x883CA000 \SystemRoot\system32\drivers\volsnap.sys
0x80618000 \SystemRoot\System32\Drivers\spldr.sys
0x80609000 \SystemRoot\System32\drivers\partmgr.sys
0x82213000 \SystemRoot\System32\Drivers\mup.sys
0x88005000 \SystemRoot\System32\drivers\ecache.sys
0x82202000 \SystemRoot\system32\drivers\disk.sys
0x883A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80600000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C35B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8C287000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B563000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88260000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C05A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C88F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x82200000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D363000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C53D000 \SystemRoot\System32\drivers\watchdog.sys
0x8C366000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B42D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C068000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B41B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D5D9000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8B404000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x88CA5000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C076000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C018000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C12E000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8C004000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8C405000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8B4B1000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x88CB5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B590000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C87C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C371000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C851000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x89140000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C37C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x890D4000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x8C839000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x890E4000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x8C800000 \SystemRoot\System32\Drivers\aqds321x.SYS
0x89142000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x89128000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x8D338000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D2F8000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C387000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D2E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C392000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D2BE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C13D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D2AB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C14C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8912A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D281000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B46A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C557000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D24D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C224000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x89084000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8908C000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x88D45000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DE56000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D4B6000 \SystemRoot\system32\drivers\portcls.sys
0x8D491000 \SystemRoot\system32\drivers\drmk.sys
0x8E110000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8C564000 \SystemRoot\system32\drivers\modem.sys
0x8C22D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B5D6000 \SystemRoot\System32\Drivers\Null.SYS
0x8B5DD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C2A8000 \SystemRoot\System32\drivers\vga.sys
0x8D470000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x890EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x890F4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C39D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C084000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C236000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E03B000 \SystemRoot\System32\drivers\tcpip.sys
0x8D437000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D422000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D543000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8D40E000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E739000 \SystemRoot\system32\drivers\afd.sys
0x8D4E3000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8E009000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C092000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89130000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8E726000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E6EB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D54D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E6D4000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E6B3000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8E64C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E61B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8C571000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C456000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x96800000 \SystemRoot\System32\win32k.sys
0x8D561000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C15B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99400000 \SystemRoot\System32\TSDDD.dll
0x99410000 \SystemRoot\System32\cdd.dll
0x9A33E000 \SystemRoot\system32\drivers\luafv.sys
0x9A327000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x890CC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x9CC85000 \SystemRoot\system32\drivers\spsys.sys
0x99250000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9CC1A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D57F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D135000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9DB97000 \SystemRoot\system32\drivers\HTTP.sys
0x9DB7C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D1E7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9DB68000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9DB48000 \SystemRoot\system32\drivers\mrxdav.sys
0x9DB2A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9DAF1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9DADF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9DA30000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E7AF000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0482000 \SystemRoot\system32\drivers\peauth.sys
0x8D5B1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8C3BE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA9E83000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x773C0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON\Engine.dll

Processes (total 49):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
608 csrss.exe
656 csrss.exe
664 C:\Windows\System32\wininit.exe
700 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
732 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\winlogon.exe
908 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\nvvsvc.exe
988 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\audiodg.exe
1320 C:\Windows\System32\SLsvc.exe
1348 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\nvvsvc.exe
1564 C:\Windows\System32\svchost.exe
1780 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
600 C:\Windows\System32\dwm.exe
916 C:\Windows\explorer.exe
488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1664 C:\Windows\RtHDVCpl.exe
800 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2076 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2096 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
2124 C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
2136 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2144 C:\Program Files\DAEMON\DTLite.exe
2156 C:\Program Files\Windows Media Player\wmpnscfg.exe
2212 C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
2244 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2704 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2788 svchost.exe
2948 C:\Windows\System32\svchost.exe
3008 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
3028 C:\Windows\System32\svchost.exe
3088 C:\Windows\System32\svchost.exe
3124 C:\Windows\System32\SearchIndexer.exe
3568 C:\Windows\System32\taskeng.exe
3608 C:\Windows\System32\taskeng.exe
3704 C:\Program Files\Windows Media Player\wmpnetwk.exe
3352 C:\Users\Nicholas\Downloads\MBRCheck.exe
932 C:\Windows\System32\SearchProtocolHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002c`7cda7c00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2035GSS, Rev: DK020C

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Is it possible to explain in layman's terms what the purpose of the MBR is, and what difference a nonstandard one could make?
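Both MBR logs in this thread hinge on the same idea: the tool reads sector 0 of the physical disk, checks the 0x55AA signature, hashes the boot-code region and compares the hash against a list of known-good loaders, reporting "Unknown boot code" when nothing matches and "Windows XP MBR code detected" when the repaired sector does. The script below is an added example written for this post, not code from Bootkit Remover, MBRCheck or the thread's participants; it assumes the hash covers the first 440 bytes (the executable code, excluding the disk signature and partition table that legitimately differ per machine), and the sample sector it builds is constructed test data whose partition offsets mirror the 0x7e00 and 0x2c7cda7c00 values MBRCheck printed above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: executable boot code
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511 must read 0x55 0xAA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image from boot code and up to 4 partition tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition table too large")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1A2B3C4D)  # constructed disk signature
    for i, (status, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def parse_partitions(sector: bytes):
    """Return the non-empty partition entries with their byte offsets on disk."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count,
                        "byte_offset": lba_start * SECTOR_SIZE})
    return entries


def boot_code_sha1(sector: bytes) -> str:
    """Hash only the code region, the part a bootkit has to modify to run."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_boot_code(sector: bytes, known_good: dict) -> str:
    """Reproduce the known-code / 'Unknown boot code' verdict of an MBR checker."""
    if len(sector) != SECTOR_SIZE:
        return "Not a 512-byte sector"
    if sector[510:512] != MBR_SIGNATURE:
        return "Invalid MBR signature"
    return known_good.get(boot_code_sha1(sector), "Unknown boot code")


# Constructed stand-in for boot code: a CLI / XOR AX / stack-setup prologue, zero padded.
SAMPLE_BOOT_CODE = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24).ljust(BOOT_CODE_LEN, b"\x00")

# Constructed layout matching the thread's logs: C: at LBA 63 (0x7e00, ~178 GiB),
# D: at LBA 373189950 (0x2c7cda7c00, 8 GiB). Both NTFS (type 0x07), C: active.
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 63, 373189887),
    (0x00, 0x07, 373189950, 16777216),
]
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)

# Whitelist of boot-code hashes. The first is the SHA1 MBRCheck reported for the
# repaired disk in this thread; the second is the constructed sample's own hash,
# added so the demo has a known-good case to contrast with a tampered sector.
KNOWN_GOOD = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code detected",
    boot_code_sha1(SAMPLE_MBR): "Constructed sample boot code",
}


def demo():
    """Classify the clean sample, then the same sector with one patched code byte."""
    tampered = bytearray(SAMPLE_MBR)
    tampered[0] ^= 0xFF  # a single changed byte in the code region is enough
    parts = parse_partitions(SAMPLE_MBR)
    return {
        "verdict": classify_boot_code(SAMPLE_MBR, KNOWN_GOOD),
        "tampered_verdict": classify_boot_code(bytes(tampered), KNOWN_GOOD),
        "partitions": parts,
        "active_count": sum(p["bootable"] for p in parts),  # anything but 1 is suspicious
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Rewriting the MBR with standard code, as the NTBR step does, changes only the 440-byte code region; the partition table that tells Windows where C: and D: live is left alone, which is why the disk still mounts afterwards and why the checker's hash then matches a stock loader.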
 
In layman's terms, huh?
When a computer starts up, its memory (RAM) is empty, so for the processor (CPU) there is nothing to process, unless it knows where to find some guidance.
That's where the MBR, or Master Boot Record, comes in handy.
It's a small part of your hard drive where all the initial info is stored.
The CPU is programmed to look there, and then it knows what to do next.
More info: http://www.pcguide.com/ref/hdd/file/structMBR-c.html

Found non-standard or infected MBR
"non-standard" is not an issue. MBR differs, so it may be some type of MBR, which is just not recognized by our scan.
That's why, we ran another scan, which said:
"186 GB \\.\PhysicalDrive0 Unknown boot code"
Still, it doesn't necessary mean, MBR is infected, but we better re-write it to make sure, you have correct MBR.

If the MBR is in fact infected, it'll ask your computer to do things other than what it's supposed to do.

Now... good job on fixing the MBR :)

Combofix log looks good, so we can move on...

How is computer doing at the moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
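As an added example (not MBRCheck's, OTL's or ComboFix's own code): a small Python parser that reads a 512-byte MBR the way the explanation above describes, hashes the boot code and checks the boot signature, so the two verdicts seen in this thread ("Windows XP MBR code detected" versus "Unknown boot code") and the "Operating system not found" case can be reproduced on a captured sector. Assumptions: the hash covers the first 440 bytes (MBRCheck's exact hashing range is not stated here), the boot code bytes, disk signature and partition sizes are constructed, and the partition byte offsets are the ones MBRCheck printed for C: and D:.

```python
"""Parse a 512-byte MBR, hash its boot code and check its signature.
Constructed example; not the code of any tool used in this thread."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code (assumed hash range)
DISK_SIG_OFF = 440         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition table entries
BOOT_SIG_OFF = 510         # 0x55 0xAA boot signature
ENTRY_FMT = "<B3xB3xII"    # status, CHS start, type, CHS end, LBA start, sectors


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry into a dict."""
    status, ptype, lba_start, sectors = struct.unpack(ENTRY_FMT, entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "byte_offset": lba_start * SECTOR,   # the offset MBRCheck prints per volume
    }


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR sector into boot-code hash, signature check and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = sector[off:off + 16]
        if entry[4] == 0:              # partition type 0x00 = empty slot
            continue
        partitions.append(parse_partition_entry(entry))
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "valid_signature": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good: dict) -> str:
    """Classify an MBR: no signature (firmware cannot boot from it), boot code
    that matches no reference hash, or a recognised loader."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "no 0x55AA signature: firmware will not boot from this disk"
    name = known_good.get(info["boot_code_sha1"])
    if name is None:
        return "Unknown boot code"
    return f"{name} MBR code detected"


def build_mbr(boot_code: bytes, layout: list, signature: bytes = b"\x55\xAA") -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"   # constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(layout[:4]):
        off = PART_TABLE_OFF + 16 * i
        sector[off:off + 16] = struct.pack(ENTRY_FMT, 0x80 if bootable else 0, ptype, lba, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = signature
    return bytes(sector)


# Constructed stand-in for real boot code (the real bytes are not on the page).
SAMPLE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 100
# Layout matching the MBRCheck volume offsets above: C: at 0x7e00 = LBA 63,
# D: at 0x2c7cda7c00 = LBA 0x163E6D3E. Partition sizes are constructed.
SAMPLE_LAYOUT = [(True, 0x07, 63, 0x163E6D3E - 63), (False, 0x07, 0x163E6D3E, 17532912)]
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_LAYOUT)
# Reference table a checker would ship; here seeded from the constructed code.
KNOWN_GOOD = {parse_mbr(SAMPLE_MBR)["boot_code_sha1"]: "Windows XP"}
# One byte of boot code changed: same partitions, hash no longer recognised.
TAMPERED_MBR = SAMPLE_MBR[:100] + b"\xEB" + SAMPLE_MBR[101:]
# Signature zeroed: the "Operating system not found" situation.
NO_SIG_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_LAYOUT, signature=b"\x00\x00")

if __name__ == "__main__":
    for label, mbr in (("clean", SAMPLE_MBR), ("tampered", TAMPERED_MBR), ("nosig", NO_SIG_MBR)):
        print(f"{label}: {check_mbr(mbr, KNOWN_GOOD)}")
    for p in parse_mbr(SAMPLE_MBR)["partitions"]:
        print(f"  partition at offset 0x{p['byte_offset']:x}, bootable={p['bootable']}")
```

On a real disk the 512 bytes would come from reading sector 0 of the physical drive; a match against the reference table only says the loader is a known one, which is why the helper re-wrote the MBR rather than relying on the label alone.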
 
OTL textfile:
OTL logfile created on: 1/24/2011 9:32:49 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Nicholas\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.95 Gb Total Space | 29.46 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
Drive D: | 8.36 Gb Total Space | 1.80 Gb Free Space | 21.58% Space Free | Partition Type: NTFS

Computer Name: PORTACOMPY | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/24 21:31:18 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Nicholas\Desktop\OTL.exe
PRC - [2010/04/06 17:50:33 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 06:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON\DTLite.exe
PRC - [2009/09/19 07:04:52 | 000,562,944 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (SafeList) ==========

MOD - [2011/01/24 21:31:18 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Nicholas\Desktop\OTL.exe
MOD - [2009/09/18 06:21:10 | 000,073,728 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/10/05 17:17:27 | 003,926,520 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/04/30 18:00:52 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/19 07:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/03/26 16:15:24 | 002,789,672 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/09/05 07:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\wamp\apache2\bin\httpd.exe -- (wampapache)
SRV - [2007/08/10 11:15:35 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/06 11:14:02 | 005,730,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\wamp\mysql\bin\mysqld-nt.exe -- (wampmysqld)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (XDva285)
DRV - [2010/02/24 09:41:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/05/05 16:46:08 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/05/05 16:46:08 | 000,014,336 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/10/06 10:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/07/11 10:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/06/27 12:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/18 14:19:50 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/03/12 14:29:46 | 001,747,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/22 18:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/01/12 22:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 03:51:31 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/18 21:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/10/09 15:47:58 | 000,981,504 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bash.org/
IE - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://bash.org/"
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/08 14:07:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/26 23:25:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/25 17:35:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/11/25 17:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/01/24 16:54:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/10/26 23:24:54 | 000,000,000 | ---D | M]

[2009/07/22 22:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicholas\AppData\Roaming\Mozilla\Extensions
[2011/01/24 19:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\twc1oc5v.default\extensions
[2010/11/15 10:46:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\twc1oc5v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/15 10:46:03 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\twc1oc5v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2008/01/13 11:45:28 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\twc1oc5v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(182)
[2009/12/10 10:11:44 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\twc1oc5v.default\extensions\afom@idevfh
[2009/10/08 11:11:26 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\twc1oc5v.default\extensions\firebug@software.joehewitt.com
[2011/01/24 19:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/26 23:25:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/26 23:23:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/25 01:02:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll

O1 HOSTS File: ([2011/01/22 18:08:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/12 09:05:54 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/24 21:31:13 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\Nicholas\Desktop\OTL.exe
[2011/01/24 16:50:15 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\Desktop\NTBR_CD
[2011/01/24 16:49:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\NTBR_CD
[2011/01/22 18:12:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/22 18:12:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/22 18:12:57 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\temp
[2011/01/22 17:54:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/22 17:54:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/22 17:54:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/22 17:54:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/22 17:54:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/22 17:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/22 17:53:12 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/01/22 10:39:05 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Malwarebytes
[2011/01/22 10:38:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/22 10:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2011/01/22 10:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/22 10:38:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/22 10:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/21 17:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/01/21 17:47:01 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/21 16:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NTIReg
[2011/01/21 15:27:15 | 000,015,360 | ---- | C] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys
[2011/01/21 15:27:13 | 000,014,336 | ---- | C] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys
[2011/01/21 15:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ
[2011/01/21 15:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86
[2011/01/21 15:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86
[2011/01/21 15:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86
[2011/01/21 15:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64
[2011/01/21 15:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64
[2011/01/21 15:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86
[2011/01/21 15:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64
[2011/01/21 15:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64
[2011/01/21 15:26:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti
[2011/01/21 15:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[2011/01/20 22:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2011/01/20 11:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/01/19 14:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2011/01/19 14:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comcast
[2011/01/19 14:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Comcast
[2011/01/19 14:18:59 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\SupportSoft
[2011/01/19 14:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2011/01/19 14:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI
[2011/01/09 19:19:37 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\WindSolutions
[2011/01/09 19:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions

========== Files - Modified Within 30 Days ==========

[2011/01/24 21:31:18 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Nicholas\Desktop\OTL.exe
[2011/01/24 21:26:50 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/24 21:26:50 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/24 19:53:19 | 000,350,210 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/01/24 19:53:19 | 000,350,210 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/01/24 19:42:11 | 000,031,744 | ---- | M] () -- C:\Users\Nicholas\Desktop\Jobsearch 2011.xls
[2011/01/24 19:26:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/24 17:10:57 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/24 17:10:57 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/24 17:02:30 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/24 16:49:28 | 002,565,432 | ---- | M] () -- C:\Users\Nicholas\Desktop\NTBR_CD.exe
[2011/01/24 15:23:08 | 000,000,212 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.url
[2011/01/22 18:08:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/22 11:49:23 | 000,001,090 | ---- | M] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\NetHack - Shortcut.lnk
[2011/01/22 11:33:53 | 242,780,429 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/21 17:50:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/01/21 15:41:47 | 000,060,246 | ---- | M] () -- C:\Users\Nicholas\Documents\cc_20110121_154112.reg
[2011/01/17 09:52:15 | 000,118,784 | ---- | M] () -- C:\Users\Nicholas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/02 14:26:09 | 000,000,319 | ---- | M] () -- C:\Windows\System32\Config.bak

========== Files Created - No Company Name ==========

[2011/01/24 16:49:06 | 002,565,432 | ---- | C] () -- C:\Users\Nicholas\Desktop\NTBR_CD.exe
[2011/01/24 10:11:05 | 000,031,744 | ---- | C] () -- C:\Users\Nicholas\Desktop\Jobsearch 2011.xls
[2011/01/22 17:54:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/22 17:54:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/22 17:54:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/22 17:54:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/22 17:54:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/22 11:49:23 | 000,001,090 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\NetHack - Shortcut.lnk
[2011/01/22 10:59:11 | 242,780,429 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/22 10:59:09 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/21 15:41:31 | 000,060,246 | ---- | C] () -- C:\Users\Nicholas\Documents\cc_20110121_154112.reg
[2010/07/26 11:12:36 | 000,271,264 | ---- | C] () -- C:\Windows\System32\VBRUN100.DLL
[2010/07/26 11:12:36 | 000,004,608 | ---- | C] () -- C:\Windows\MTNEWS.DLL
[2010/07/26 11:12:36 | 000,000,038 | ---- | C] () -- C:\Windows\BestGame.ini
[2010/02/28 11:00:14 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2010/02/28 11:00:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2010/02/24 13:04:26 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010/02/24 09:41:50 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/02/23 23:00:41 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/02/23 22:31:06 | 000,000,226 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/07 01:57:04 | 000,000,025 | ---- | C] () -- C:\Windows\entpack.ini
[2009/12/06 09:56:34 | 000,350,210 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/06 09:56:30 | 000,350,210 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/04 19:43:32 | 000,000,328 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/20 17:35:06 | 000,006,112 | ---- | C] () -- C:\Windows\System32\cdenable.sys
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/05/27 04:48:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2008/10/13 09:29:28 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2008/09/15 01:42:49 | 000,000,115 | ---- | C] () -- C:\Windows\custvoic.ini
[2008/06/11 20:42:16 | 000,000,121 | ---- | C] () -- C:\Windows\Winamp.ini
[2008/06/01 16:27:23 | 000,000,680 | ---- | C] () -- C:\Users\Nicholas\AppData\Local\d3d9caps.dat
[2008/04/09 11:14:04 | 000,000,000 | ---- | C] () -- C:\Users\Nicholas\AppData\Local\FnF4.txt
[2007/09/27 20:52:50 | 000,006,607 | ---- | C] () -- C:\Windows\GCSPRO.INI
[2007/08/13 14:50:39 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/08/13 14:38:51 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/08/13 14:38:51 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/08/13 14:38:51 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/08/10 11:08:21 | 000,118,784 | ---- | C] () -- C:\Users\Nicholas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/09 17:59:30 | 000,110,300 | ---- | C] () -- C:\Users\Nicholas\AppData\Roaming\nvModes.001
[2007/08/09 17:53:56 | 000,110,300 | ---- | C] () -- C:\Users\Nicholas\AppData\Roaming\nvModes.dat
[2007/08/09 05:01:11 | 000,000,000 | ---- | C] () -- C:\Users\Nicholas\AppData\Local\QSwitch.txt
[2007/08/09 05:01:11 | 000,000,000 | ---- | C] () -- C:\Users\Nicholas\AppData\Local\DSwitch.txt
[2007/08/09 05:01:11 | 000,000,000 | ---- | C] () -- C:\Users\Nicholas\AppData\Local\AtStart.txt
[2007/05/12 08:52:47 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2010/10/26 23:29:07 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\.minecraft
[2007/08/13 01:12:40 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\acccore
[2008/01/13 12:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Aim
[2009/03/07 23:06:38 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Amazon
[2010/08/31 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Axialis
[2009/08/29 15:40:12 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Blitware
[2010/02/24 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\DAEMON Tools Lite
[2009/11/15 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\EPSON
[2008/01/06 16:12:42 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2008/12/24 20:46:03 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Ruckus Network
[2008/12/28 17:28:08 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\SPORE
[2008/12/26 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\SPORE Creature Creator
[2009/03/06 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\tastyplanet
[2007/08/11 13:34:21 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Thunderbird
[2010/11/27 22:56:56 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Unity
[2010/10/25 22:10:45 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\uTorrent
[2007/08/09 17:57:07 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\WildTangent
[2011/01/09 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\WindSolutions
[2009/08/19 14:06:03 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\WinFF
[2011/01/24 16:58:45 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/05/12 09:05:54 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 04:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2011/01/22 18:12:55 | 000,013,890 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/24 17:02:30 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/06 18:59:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/12/25 02:15:36 | 000,001,385 | -H-- | M] () -- C:\IPH.PH
[2008/07/06 18:59:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/24 17:02:28 | 2459,762,688 | -HS- | M] () -- C:\pagefile.sys
[2010/08/01 13:11:34 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/01/22 18:14:59 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2009/06/03 14:16:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/06/04 19:29:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/01 23:09:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/17 12:29:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/29 14:41:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/10/07 17:46:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/09/19 00:16:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/09/19 14:27:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/10/03 19:11:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/12/04 19:57:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/01/21 23:37:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/08 13:31:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/24 00:56:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/25 01:38:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/02/27 01:27:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/01 13:04:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/01 21:44:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/30 12:04:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/01 16:22:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/06/02 19:58:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/06/03 14:16:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/06/04 19:29:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/01 23:09:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/17 12:29:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/29 14:41:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/10/07 17:46:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/09/19 00:16:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/09/19 14:27:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/10/03 19:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/12/04 19:57:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/21 23:37:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/02/08 13:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/02/24 00:56:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/02/25 01:38:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/02/27 01:27:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/01 13:04:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/01 21:44:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/30 12:04:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/01 16:22:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/06/02 19:58:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:46:05 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/13 11:02:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/04 13:39:07 | 000,000,286 | -HS- | M] () -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/24 16:49:28 | 002,565,432 | ---- | M] () -- C:\Users\Nicholas\Desktop\NTBR_CD.exe
[2011/01/24 21:31:18 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Nicholas\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
 
OTL continued:
< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2007/07/29 22:36:31 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2007/07/29 22:36:01 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2007/07/29 22:36:01 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2007/07/29 22:36:01 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2007/07/29 22:36:01 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2007/07/29 22:36:01 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/08/30 17:09:53 | 000,000,402 | -HS- | M] () -- C:\Users\Nicholas\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2007/05/12 08:53:11 | 000,000,320 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/01/24 19:53:19 | 000,350,210 | ---- | M] () -- C:\ProgramData\nvModes.001
[2008/10/13 09:29:28 | 000,000,013 | -H-- | M] () -- C:\ProgramData\˜113.›sys

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2010/11/16 13:20:07 | 000,000,000 | ---D | M](C:\Users\Nicholas\Documents\?? ???) -- C:\Users\Nicholas\Documents\넥슨 플러그
[2010/11/16 13:20:07 | 000,000,000 | ---D | C](C:\Users\Nicholas\Documents\?? ???) -- C:\Users\Nicholas\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C28667BE

< End of report >

Extras textfile:
OTL Extras logfile created on: 1/24/2011 9:32:49 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Nicholas\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.95 Gb Total Space | 29.46 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
Drive D: | 8.36 Gb Total Space | 1.80 Gb Free Space | 21.58% Space Free | Partition Type: NTFS

Computer Name: PORTACOMPY | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3091605995-3638911993-2397923110-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3091605995-3638911993-2397923110-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E587F20-0AE5-4C90-B2D7-7E030C0A4032}" = lport=445 | protocol=6 | dir=in | app=system |
"{240334CB-4CE8-49EB-831D-057D9D38FCF0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3EEA229E-2CD0-45B0-B0C6-A1DDD938FFCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4F6BAD48-07D7-457A-8928-75264E87C314}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{555E70B8-7E08-4874-A853-29C9E554E2D9}" = lport=137 | protocol=17 | dir=in | app=system |
"{694367D1-9978-4E50-8679-348CD0262672}" = lport=139 | protocol=6 | dir=in | app=system |
"{9063BE16-7E2C-40BE-B656-F16E8767C465}" = rport=445 | protocol=6 | dir=out | app=system |
"{98E50548-1EB8-4A2B-83D1-8A65795B2A5D}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FE16AAC-502B-4BC9-8DD8-86F9D2E82BDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{A15CF75D-8787-44EB-8B57-7CFC8668737C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE175D3B-EEA8-4813-879C-A4EA5881F753}" = lport=138 | protocol=17 | dir=in | app=system |
"{BE126980-6E3F-49E0-8D49-F1D627B4AC84}" = rport=137 | protocol=17 | dir=out | app=system |
"{F4C71685-4902-4669-9DA8-538605EA6216}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0256AF85-1C73-431B-8B04-D00EDB3BB369}" = protocol=17 | dir=in | app=c:\program files\games\steam\steam.exe |
"{03896419-8B25-4710-9CEF-5234C43D08E6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{14D5E2B0-C8B8-4463-BB3A-3778585DB687}" = protocol=17 | dir=in | app=c:\users\nicholas\appdata\local\temp\7zs7021.tmp\symnrt.exe |
"{1BE4571D-ECD1-4DAC-B739-4E4DCE90BB1E}" = protocol=6 | dir=in | app=c:\program files\ogplanet\lostsaga\lostsaga.exe |
"{29B8D482-DCDA-46BB-8BAD-144F17FA5340}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2D1C6895-E1FF-47F0-B40A-64BE62FB67BB}" = protocol=17 | dir=in | app=c:\program files\ogplanet\lostsaga\autoupgrade.exe |
"{2F4B3E9A-3E1C-4B98-B3E7-E3FAEFE06AC8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3A808B34-A8F0-437B-B4D4-BC6B24D3DF2F}" = protocol=17 | dir=in | app=c:\users\nicholas\appdata\local\temp\7zsea01.tmp\symnrt.exe |
"{3FBBDC99-36F7-472B-8DFF-10EAB906CE9C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{41F5BB8A-8C84-4517-9B97-7385F8F2E561}" = protocol=6 | dir=in | app=c:\program files\games\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{454464FF-A4B1-4479-A732-227306BAE003}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4C08C3D4-4C2A-47B9-A337-EB42F6123705}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4CDEA394-3899-4C01-A3AF-B82DCFA535DD}" = protocol=17 | dir=in | app=c:\program files\ogplanet\lostsaga\autoupgrade.exe |
"{506EEF95-D2C1-43D0-A3B1-303F3622B6BA}" = protocol=6 | dir=in | app=c:\users\nicholas\appdata\local\temp\7zs1777.tmp\symnrt.exe |
"{535939B3-6220-4204-A83B-8A784C2055D4}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{58687947-5A62-4431-8516-D3C37B046C4F}" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{5C165A40-2C81-4544-8A77-01A9F766954D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{63CDDBBA-EAEC-475F-BC35-608C7ED5E6CB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{652D5010-BD52-411C-BF10-0EC873CA877C}" = protocol=6 | dir=in | app=c:\program files\ogplanet\lostsaga\lostsaga.exe |
"{6921762A-D61C-45A8-8193-3E9C6B54ACFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6CC41A08-8F41-40FC-A9BA-CFC0B366DCB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6D051980-A2AC-437B-BAF2-FC87B66A5815}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EF8F5FB-7D13-42C2-9A1E-D1F9F8D6CE77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F5245BB-59EF-4B12-BAC3-0306C921215B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{767B73D6-9E47-4D5E-AA32-452DDA2315C6}" = protocol=17 | dir=in | app=c:\program files\ogplanet\lostsaga\lostsaga.exe |
"{7A4BAAF5-CD70-43B0-895F-57265FF248EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{82DE0EC8-9170-4A3D-A54D-DB2B69EDE75F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{85B40040-D6A9-4B6E-B1D3-779E70E0A1A0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8A239AE5-90F4-4867-A0B8-AE1DE5D89C5A}" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{950F0A85-4705-4483-8990-5D81D64A2EA0}" = protocol=6 | dir=in | app=c:\users\nicholas\appdata\local\temp\7zsea01.tmp\symnrt.exe |
"{98A504E9-79F4-496E-A9BD-E98B70C1DC2B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{99A41779-6DE4-4A4C-A5A6-7386CCF9C71E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A14CDCF5-83B9-49B8-9CC6-F720A72A2243}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B04CB42A-CA20-49B2-A493-BBD79F9FF65B}" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{B2441BB2-A05F-4B35-A624-0DC490B74DF8}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{B2CCA1F0-5D97-42C0-8F7B-F9E84B888D4F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B5B0B061-6DC2-4987-AD3D-C186E72C0D80}" = protocol=6 | dir=in | app=c:\program files\ogplanet\lostsaga\autoupgrade.exe |
"{B5E22163-FC6F-4CE1-AD48-F86C6D9D560D}" = protocol=6 | dir=in | app=c:\users\nicholas\appdata\local\temp\7zs7021.tmp\symnrt.exe |
"{BFFFD482-D750-4518-90BF-FAC744E35EBF}" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{C1862C39-FE79-4912-B480-96056F8C224E}" = protocol=17 | dir=in | app=c:\program files\ogplanet\lostsaga\lostsaga.exe |
"{C294C988-B6BE-44C5-88CE-F7DBCA8CE66B}" = protocol=6 | dir=in | app=c:\program files\games\steam\steam.exe |
"{C2A87E31-7AC7-453B-B21B-5834DCCA26DE}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{C5262C04-670E-407D-A7E8-F81B5E3ABE94}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{CB575478-28CA-4D81-84A5-B194C2AABB58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D11A6C04-D42F-4E5A-973F-8D44E94DF66D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D528DED1-656E-4851-BE5A-5EF219176260}" = protocol=6 | dir=in | app=c:\program files\ogplanet\lostsaga\autoupgrade.exe |
"{D95D4E5C-07A2-48E3-A3C2-0FB87832B893}" = protocol=17 | dir=in | app=c:\users\nicholas\appdata\local\temp\7zs1777.tmp\symnrt.exe |
"{D9CEC229-1A3F-44FA-AB0C-97CA3AD0C529}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{DCD06849-3B4F-44C0-874A-9155B95BD8EC}" = protocol=17 | dir=in | app=c:\program files\games\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{E2D84E14-2420-421A-8ECC-C8A0553A1FC5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E6F9176B-1905-48A6-BF10-4C3E0B839F55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F7A0DC85-77BD-4A22-841D-0CAD21FB1FB8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FDA840AD-64D4-4EC8-BFDC-110436EFEFA7}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"TCP Query User{06F7F6DA-C82C-4C47-9568-547BCDC9509D}C:\users\nicholas\desktop\my stuff\useful programs\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\users\nicholas\desktop\my stuff\useful programs\ws_ftp\ws_ftp95.exe |
"TCP Query User{2359B63C-06EE-4AE1-96BA-55D258B0AFAD}G:\drag-n-drop backup\my stuff\games\monster\monster.exe" = protocol=6 | dir=in | app=g:\drag-n-drop backup\my stuff\games\monster\monster.exe |
"TCP Query User{26906887-0E66-49DF-82E4-5623EDEC79BC}C:\program files\games\overlord\overlord.exe" = protocol=6 | dir=in | app=c:\program files\games\overlord\overlord.exe |
"TCP Query User{435AD63C-827F-4BA4-B338-292479B05733}C:\program files\wamp\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\wamp\apache2\bin\httpd.exe |
"TCP Query User{4B91B8BD-FBD4-406E-956D-6AFF0A250BA2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5C813C09-9CF8-4557-A380-8A45BB81F94C}C:\users\nicholas\desktop\my stuff\ftp stuff\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\users\nicholas\desktop\my stuff\ftp stuff\ws_ftp\ws_ftp95.exe |
"TCP Query User{AD28438A-3FF8-4645-B593-1ABCD35AC2EC}C:\program files\games\steam\steamapps\austinschnitzel\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\games\steam\steamapps\austinschnitzel\team fortress 2\hl2.exe |
"TCP Query User{B7FF5052-F36D-47AF-A1DA-49C00C70AAB4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B91ABA4E-411F-4CC1-AA75-724C4C14433F}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{1063827B-C1AC-4A4F-AF35-D806FA9F7B48}C:\users\nicholas\desktop\my stuff\ftp stuff\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\users\nicholas\desktop\my stuff\ftp stuff\ws_ftp\ws_ftp95.exe |
"UDP Query User{2B9EC2E1-4AD5-4360-ACF7-B78268DEC626}C:\users\nicholas\desktop\my stuff\useful programs\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\users\nicholas\desktop\my stuff\useful programs\ws_ftp\ws_ftp95.exe |
"UDP Query User{82487B7D-D9D4-43EF-827A-C063C9B11CC2}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{96100306-1659-495E-8919-0342A73BA4C4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9F6EC701-F463-4561-BD07-69895737CD1D}C:\program files\games\overlord\overlord.exe" = protocol=17 | dir=in | app=c:\program files\games\overlord\overlord.exe |
"UDP Query User{A6237383-4EC3-4282-A07F-14505BF5060D}C:\program files\games\steam\steamapps\austinschnitzel\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\games\steam\steamapps\austinschnitzel\team fortress 2\hl2.exe |
"UDP Query User{AFDFB71B-5231-44D7-8C72-AD77518609C1}C:\program files\wamp\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\wamp\apache2\bin\httpd.exe |
"UDP Query User{B7500936-5612-4691-B405-C0C220C629B2}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{F78C8B7C-6CA2-4C3D-A4AB-2F448923A3D1}G:\drag-n-drop backup\my stuff\games\monster\monster.exe" = protocol=17 | dir=in | app=g:\drag-n-drop backup\my stuff\games\monster\monster.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB03}" = La Tale
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212125C1-E5A3-4810-A057-C20FB2A79327}" = Majesty - Gold Edition
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8CE3E8-FCB0-4CD5-910B-19B80FCF9CBF}" = PetWings
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}" = Motorola Driver Installation
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DC7AE432-E94C-4C8E-89A7-1958C0F6563A}" = Safari Photo Africa - Wild Earth Demo
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"300 Arcade Games" = 300 Arcade Games
"7-Zip" = 7-Zip 4.65
"AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disreg~5122E60D_is1" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Alex the Allegator 4_is1" = Alex4 v1.1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AOL Instant Messenger" = AOL Instant Messenger
"AsdaStoy" = AsdaStoy
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"CoffeeCup Flash Form Builder - Registered" = CoffeeCup Flash Form Builder - Registered
"CoffeeCup Web Form Builder - Trial" = CoffeeCup Web Form Builder - Trial
"D-Fend Reloaded" = D-Fend Reloaded 0.8.2 (deinstall)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Frog Hunt_is1" = Frog Hunt v1.0
"Game Booster_is1" = Game Booster
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"ips XP_is1" = ips XP 1.11.2600
"LostSagaUS" = Lost Saga
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"Netscape (7.1)" = Netscape (7.1)
"NVIDIA Drivers" = NVIDIA Drivers
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"Oolite" = Oolite 1.73.4.2579
"OpenAL" = OpenAL
"Oregon Trail II" = Oregon Trail II
"Peggle Nights Deluxe" = Peggle Nights Deluxe
"Postal 2" = Postal 2
"Professional Screen Saver Producer" = Axialis Professional Screen Saver Producer 3.6
"Ragnarok Battle Offline" = Ragnarok Battle Offline
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"RPG Maker 2000 1.05" = RPG Maker 2000 1.05
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"RumbleFighter" = Rumble Fighter
"Sam and Max - Season One" = Sam and Max - Season One 1.0
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Steam App 220" = Half-Life 2
"Steam App 3483" = Peggle Extreme
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vindictus" = Vindictus
"VLC media player" = VLC media player 1.1.4
"Wacom Tablet Driver" = Wacom Tablet
"WAMP5_is1" = WAMP5 1.7.4
"WildTangent hplaptop Master Uninstall" = My HP Games
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"Zombiepox_is1" = Zombiepox v1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3091605995-3638911993-2397923110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sparkplayer (Beta)" = Sparkplayer (Beta)
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/17/2008 9:12:35 PM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Nicholas\AppData\Local\Microsoft\Messenger\nhanson@twmi.rr.com\Sharing
Folders\leogoth22@hotmail.com\Error.bmp\Error-{01A9CD7E-35FA-4382-A4D1-FB102D786FD5}-v322.bmp
failed, 00000490.

Error - 6/11/2008 9:40:01 PM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Nicholas\AppData\Local\Microsoft\Messenger\nhanson@twmi.rr.com\Sharing
Folders\leogoth22@hotmail.com\The Forbidden Breed Bloopers.docx\The Forbidden Breed
Bloopers-{01A9CD7E-35FA-4382-A4D1-FB102D786FD5}-v326.docx failed, 00000490.

Error - 3/6/2009 12:38:30 AM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\School Stuff\Doom Research 1.doc failed, 000003E6.

Error - 4/11/2009 9:12:49 AM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Theory and Reality.doc failed, 000003E6.

Error - 4/20/2009 9:32:30 PM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\School Stuff\AlumActionPLan.doc failed, 000003E6.

Error - 8/18/2009 5:53:30 PM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\My Stuff\Other Stuff\LD5\Banjo-Tooie\P1010020.JPG failed, 00000015.

Error - 8/18/2009 5:53:30 PM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\My Stuff\Other Stuff\LD5\Banjo-Tooie\P1010007.JPG failed, 00000015.

Error - 8/18/2009 5:53:30 PM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\My Stuff\Other Stuff\LD5\Banjo-Tooie\P1010011.JPG failed, 00000015.

Error - 10/3/2009 1:33:49 PM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\IrrigationBrochure_PV[1].doc failed, 000003E6.

Error - 11/5/2009 10:17:48 PM | Computer Name = PortaCompy | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
H:\Retail Therapy.doc failed, 000003E6.

[ Application Events ]
Error - 3/9/2010 7:00:26 PM | Computer Name = PortaCompy | Source = System Restore | ID = 8193
Description =

Error - 3/11/2010 12:53:47 AM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application oolite.exe, version 0.0.0.0, time stamp 0x4ab8fd7c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0196ea4d, process id 0x1360, application start time 0x01cac0caced5e3bb.

Error - 3/11/2010 2:01:39 AM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application oolite.exe, version 0.0.0.0, time stamp 0x4ab8fd7c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x01eae9cd, process id 0xc90, application start time 0x01cac0d6eb37d39b.

Error - 3/11/2010 10:35:43 AM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application oolite.exe, version 0.0.0.0, time stamp 0x4ab8fd7c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x017aebcd, process id 0x1e0, application start time 0x01cac12671464d95.

Error - 3/11/2010 10:40:58 AM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application oolite.exe, version 0.0.0.0, time stamp 0x4ab8fd7c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x01f1ebcd, process id 0xe30, application start time 0x01cac1283b04e3c5.

Error - 3/11/2010 10:59:32 AM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application oolite.exe, version 0.0.0.0, time stamp 0x4ab8fd7c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x01bceb4d, process id 0xb10, application start time 0x01cac129cbe5a545.

Error - 3/11/2010 11:22:08 AM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application oolite.exe, version 0.0.0.0, time stamp 0x4ab8fd7c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x017aeb4d, process id 0xb70, application start time 0x01cac12e00503cb5.

Error - 3/11/2010 6:57:12 PM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application oolite.exe, version 0.0.0.0, time stamp 0x4ab8fd7c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x012dea8f, process id 0x1184, application start time 0x01cac16bf78f3ef0.

Error - 3/11/2010 8:24:29 PM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application oolite.exe, version 0.0.0.0, time stamp 0x4ab8fd7c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0105ea0d, process id 0x1050, application start time 0x01cac16e4c9a1c60.

Error - 3/14/2010 2:37:39 AM | Computer Name = PortaCompy | Source = Application Error | ID = 1000
Description = Faulting application HprSnap5.exe, version 5.62.1.0, time stamp 0x41b0d4ef,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0x80000004, fault offset 0x00060e47, process id 0x1658, application start time
0x01cac31d456da65b.

[ Media Center Events ]
Error - 1/1/2009 2:47:37 PM | Computer Name = PortaCompy | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/3/2009 3:33:12 AM | Computer Name = PortaCompy | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 5:29:37 PM | Computer Name = PortaCompy | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2009 9:27:41 PM | Computer Name = PortaCompy | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/17/2010 9:42:37 PM | Computer Name = PortaCompy | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 9:17:45 PM | Computer Name = PortaCompy | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/22/2011 12:34:10 PM | Computer Name = PortaCompy | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:32:07 AM on 1/22/2011 was unexpected.

Error - 1/22/2011 12:47:45 PM | Computer Name = PortaCompy | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:44:10 AM on 1/22/2011 was unexpected.

Error - 1/22/2011 12:49:11 PM | Computer Name = PortaCompy | Source = Service Control Manager | ID = 7000
Description =

Error - 1/22/2011 6:41:32 PM | Computer Name = PortaCompy | Source = PlugPlayManager | ID = 12
Description = The device 'HL-DT-ST DVDRAM GSA-T20L ATA Device' (IDE\CdRomHL-DT-ST_DVDRAM_GSA-T20L________________NC08____\5&5b8f77b&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 1/22/2011 6:56:07 PM | Computer Name = PortaCompy | Source = Service Control Manager | ID = 7030
Description =

Error - 1/22/2011 7:08:53 PM | Computer Name = PortaCompy | Source = Service Control Manager | ID = 7030
Description =

Error - 1/23/2011 11:42:02 AM | Computer Name = PortaCompy | Source = Service Control Manager | ID = 7000
Description =

Error - 1/23/2011 1:37:37 PM | Computer Name = PortaCompy | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 1/23/2011 2:50:19 PM | Computer Name = PortaCompy | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 1/24/2011 6:04:05 PM | Computer Name = PortaCompy | Source = Service Control Manager | ID = 7000
Description =


< End of report >
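
The "Vista Active Application Exception List" section of the report above is worth a second look on its own: several inbound exceptions point at executables under %TEMP% (the `7zs*.tmp\symnrt.exe` entries, i.e. a 7-Zip self-extractor folder that is deleted once the installer finishes), at the user's Desktop, at ProgramData and at a removable drive. Windows Firewall application rules match on path only, so an exception outlives the file it was created for, and anything later placed at that exact path inherits the allow rule. The script below is an added example for this thread, not part of the original post and not an OTL feature; it parses OTL-formatted rule lines and flags the ones a reviewer should check. The sample lines are copied verbatim from the report above, and the risk heuristics (temp directory, path outside Program Files/Windows, non-system drive, missing protocol) are the author's own choices, not anything OTL or the thread states.

```python
"""Triage of Windows Firewall application exceptions as dumped by OTL.

Added example for this thread; not code from the original post or from OTL.
The heuristics below are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL report's exception list above.
SAMPLE = r'''
"{14D5E2B0-C8B8-4463-BB3A-3778585DB687}" = protocol=17 | dir=in | app=c:\users\nicholas\appdata\local\temp\7zs7021.tmp\symnrt.exe |
"{29B8D482-DCDA-46BB-8BAD-144F17FA5340}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{63CDDBBA-EAEC-475F-BC35-608C7ED5E6CB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{6D051980-A2AC-437B-BAF2-FC87B66A5815}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{06F7F6DA-C82C-4C47-9568-547BCDC9509D}C:\users\nicholas\desktop\my stuff\useful programs\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\users\nicholas\desktop\my stuff\useful programs\ws_ftp\ws_ftp95.exe |
"TCP Query User{2359B63C-06EE-4AE1-96BA-55D258B0AFAD}G:\drag-n-drop backup\my stuff\games\monster\monster.exe" = protocol=6 | dir=in | app=g:\drag-n-drop backup\my stuff\games\monster\monster.exe |
"{C294C988-B6BE-44C5-88CE-F7DBCA8CE66B}" = protocol=6 | dir=in | app=c:\program files\games\steam\steam.exe |
'''

# OTL prints each rule as "<name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Roots where only administrators can write by default (assumption: default ACLs).
SYSTEM_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Rule:
    name: str
    fields: dict

    @property
    def app(self):
        return self.fields.get("app")

    @property
    def direction(self):
        return self.fields.get("dir")

    @property
    def protocol(self):
        # Absent in OTL output when the rule is not limited to one protocol.
        return self.fields.get("protocol")


def parse_rules(text: str) -> list[Rule]:
    """Parse OTL firewall rule lines into Rule objects; other lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:  # paths never contain '|' or '=', so this split is safe
                key, value = part.split("=", 1)
                fields[key.strip()] = value.strip()
        rules.append(Rule(m.group("name"), fields))
    return rules


def review_rule(rule: Rule) -> list[str]:
    """Return the reasons an inbound application exception deserves a look."""
    reasons = []
    if rule.direction != "in" or rule.app is None:
        return reasons  # outbound and service/port rules are out of scope here
    app = rule.app.lower()
    if any(marker in app for marker in TEMP_MARKERS):
        reasons.append("executable lives in a temp directory")
    if not app.startswith(SYSTEM_ROOTS):
        reasons.append("path is outside Program Files/Windows (not admin-only)")
    if not app.startswith("c:\\"):
        reasons.append("executable is on a non-system drive")
    if rule.protocol is None:
        reasons.append("exception covers every protocol")
    return reasons


def triage(text: str) -> list[tuple[str, str, list[str]]]:
    """(rule name, app path, reasons) for every inbound app rule with findings."""
    out = []
    for rule in parse_rules(text):
        reasons = review_rule(rule)
        if reasons:
            out.append((rule.name, rule.app, reasons))
    return out


if __name__ == "__main__":
    for name, app, reasons in triage(SAMPLE):
        print(f"{app}\n  rule: {name}\n  " + "\n  ".join(reasons))
```

Paste the whole exception-list section of an OTL log in place of `SAMPLE` to run it over a real report. Rules named `TCP Query User{...}` / `UDP Query User{...}` were created by answering the Windows Firewall "unblock" prompt, so each of those is something a user once clicked through; the script does not decide whether a program is malicious, it only shortlists exceptions that are no longer protected by the path they point at.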
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java versions and their remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3091605995-3638911993-2397923110-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2008/10/13 09:29:28 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C28667BE
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" =-
    
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
OTL again:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-3091605995-3638911993-2397923110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\˜113.›sys moved successfully.
ADS C:\ProgramData\TEMP:C28667BE deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nicholas
->Temp folder emptied: 4011268 bytes
->Temporary Internet Files folder emptied: 3277336 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 61696976 bytes
->Flash cache emptied: 1994 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70252 bytes
RecycleBin emptied: 277903161 bytes

Total Files Cleaned = 331.00 mb


[EMPTYFLASH]

User: All Users
User: Default
User: Default User
User: Guest
->Flash cache emptied: 0 bytes

User: Nicholas
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.5 log created on 01252011_092235
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Security Check log:
Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 2
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 8
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.19) Firefox Out of Date!
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

ESET log:
C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
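When a fix script lists several registry keys, values, files and an alternate data stream, the useful check on the log OTL writes back is that every item in the script got a verdict, whether "deleted successfully", "moved successfully" or "not found". The cross-check below is an added example written for this page, not part of the thread or of OTL. Its sample script and log are built from the fix script and result log posted above, with the two :Files paths from the later post added so that the case of a target the log never mentions is shown too (those two paths are one file seen twice, since on Vista C:\Users\All Users is a link to C:\ProgramData).

```python
import re

# Constructed sample: the fix script from the thread plus two :Files entries
# from the later post, kept in OTL's own script syntax.
FIX_SCRIPT = r""":OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2008/10/13 09:29:28 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C28667BE

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" =-

:Files
C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe
C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe

:Commands
[emptytemp]
[Reboot]
"""

# Constructed sample of the result log OTL wrote for that script (the :Files
# entries were never run in this log, so they should come back unaccounted).
FIX_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\˜113.›sys moved successfully.
ADS C:\ProgramData\TEMP:C28667BE deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
========== COMMANDS ==========
->Temp folder emptied: 4011268 bytes
"""

HIVES = {"HKU": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
OUTCOME_RE = re.compile(r"(deleted successfully|moved successfully|not found)\.$")


def expected_targets(script):
    """Map each item the script asks OTL to act on to the substrings a log line
    about that item must contain."""
    targets, section, reg_key = {}, None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                      # :OTL, :Reg, :Files, :Commands
            section, reg_key = line.lower(), None
            continue
        if section == ":otl":
            guid = GUID_RE.search(line)
            if guid:                                  # O2 BHO, O28 ShellExecuteHooks, ...
                targets[guid.group(0)] = (guid.group(0),)
            elif line.startswith("O15 "):             # IE ZoneMap trusted range
                hive_path, rest = line.split(" - ", 1)[1].split("\\..", 1)
                short, _, subkey = hive_path.partition("\\")
                hive = HIVES.get(short, short) + "\\" + subkey
                range_name = rest.split(":", 1)[1].split("(", 1)[0].strip()
                proto = rest[rest.index("[") + 1:rest.index("]")]
                targets[f"ZoneMap {hive} {range_name} {proto}"] = (hive, range_name, "\\\\" + proto)
            elif " -- " in line:                      # file listing line: "... -- <path>"
                path = line.split(" -- ", 1)[1].strip()
                targets[path] = (path,)
            elif line.startswith("@Alternate Data Stream"):
                path = line.split("->", 1)[1].strip()
                targets["ADS " + path] = (path,)
        elif section == ":reg":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]
            elif reg_key and line.startswith('"'):    # "Name" =-  deletes a value
                value = line[1:line.index('"', 1)]
                targets[reg_key + "\\\\" + value] = (reg_key, "\\\\" + value)
        elif section == ":files":
            targets[line] = (line,)
    return targets


def log_outcomes(log):
    """Every OTL result line that reports an outcome, as (line, outcome)."""
    results = []
    for raw in log.splitlines():
        line = raw.strip()
        m = OUTCOME_RE.search(line)
        if m:
            results.append((line, m.group(1).replace(" successfully", "")))
    return results


def cross_check(script, log):
    """{target label: sorted outcomes}; an empty list means the log never mentioned it."""
    outcomes = log_outcomes(log)
    return {
        label: sorted({o for line, o in outcomes if all(n in line for n in needles)})
        for label, needles in expected_targets(script).items()
    }


def unaccounted(script, log):
    """Targets the script named that the log does not report on at all."""
    return [label for label, hits in cross_check(script, log).items() if not hits]


if __name__ == "__main__":
    for label, hits in cross_check(FIX_SCRIPT, FIX_LOG).items():
        print(f"{label}: {', '.join(hits) or 'NOT IN LOG'}")
```

A CLSID normally yields two verdicts, one for the BHO or ShellExecuteHooks entry and one for the HKLM\SOFTWARE\Classes\CLSID key, so "deleted" plus "not found" for the same GUID is the expected pattern, not a failure. Anything `unaccounted` returns is what to ask the user about before declaring the fix complete.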
 
Uninstall:
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 2


=====================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

====================================================================

Uninstall Thunderbird if you don't use it. Your version is very outdated.

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe 
    C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current (including the Service Pack 2 installation; very important!)

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 