TechSpot

Win32.Bamital-X infection + possible keylogger

By Mustard87
Sep 9, 2010
  1. Hi, recently I have been having loads of malware problems with my computer. It all started with some weird virus/malware that redirected all my browser activities to malicious websites.

    I tried to run a few cleanup programs such as Malwarebytes and SUPERAntiSpyware; they found some malware but apparently not the ones causing the redirecting problems.

    Anyway, today I noticed that my Gmail account had been accessed from an IP address in Japan/Korea and tons of spam had been sent from my address to others, so in fear of a keylogger I went and downloaded the avast Pro version and did a scan.

    I found loads of infections that I cleaned/quarantined, but there were 3 files I couldn't quarantine/remove because they were in use by the OS:

    c:\windows\explorer.exe - threat: Win32:Bamital-X
    c:\windows\system32\winlogon.exe - threat: Win32:Bamital-X
    c:\windows\explorer.exe - threat: Win32:Bamital-X

    Now I was wondering if I could get some help to fix these, please; also, if someone could help me detect the keylogger if there is one. My Gmail is the only thing that has been accessed so far.

    I'm not a pro at computers but not a beginner either, so I should be fine following your instructions :), thanks in advance.

    Best regards, Mustard87
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

  3. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    Thanks, and sorry, I must have missed that thread; logs coming up.
    I was unable to run the GMER app because it caused blue screens and freezes and other nasty stuff, so I decided to leave it alone.

    EDIT:

    Also, I had three logs from Malwarebytes: two from yesterday, a quick and a complete scan, and then there were logs from a scan I did a few days ago that found some registry errors. I'll go ahead and post them all.

    EDIT 2:

    I was unable to shut down avast; I hope it didn't interfere too much. It still detects the viruses after all the steps.
     
  4. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4541

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    2010-09-04 15:01:30
    mbam-log-2010-09-04 (15-01-30).txt

    Scan type: Quick scan
    Objects scanned: 125646
    Time elapsed: 3 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4583

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    2010-09-09 18:57:53
    mbam-log-2010-09-09 (18-57-53).txt

    Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)
    Objects scanned: 28813
    Time elapsed: 6 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Mathias Svensson\Application Data\Sun\Java\Deployment\cache\6.0\16\1a3682d0-13b2f1c2 (Trojan.Downloader) -> Quarantined and deleted successfully.
     
  6. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4583

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    2010-09-09 19:58:30
    mbam-log-2010-09-09 (19-58-30).txt

    Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)
    Objects scanned: 179038
    Time elapsed: 59 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 17

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Qoobox\Quarantine\C\Documents and Settings\Mathias Svensson\Local Settings\Application Data\34888628.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Documents and Settings\Mathias Svensson\Local Settings\Application Data\lxdyxbauj\fkxfxnjshdw.exe.vir (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Documents and Settings\Mathias Svensson\Local Settings\Application Data\ywgaxaatf\flqubuushdw.exe.vir (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{62A75CFF-A66F-4AC2-85D8-3B4A8D81F8E6}\RP0\A0000190.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{62A75CFF-A66F-4AC2-85D8-3B4A8D81F8E6}\RP0\A0000191.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{62A75CFF-A66F-4AC2-85D8-3B4A8D81F8E6}\RP0\A0000193.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{62A75CFF-A66F-4AC2-85D8-3B4A8D81F8E6}\RP2\A0001660.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{C8F1AC45-4C63-4B64-A4E6-8D5B05200FBB}\RP553\A0111190.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    F:\F\Program\sysreset253.exe (Backdoor.Zapchast) -> Quarantined and deleted successfully.
    F:\Osorterat\sysreset253.exe (Backdoor.Zapchast) -> Quarantined and deleted successfully.
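The three Malwarebytes logs above share one fixed layout: a header block, a summary block of "<category> Infected: <n>" lines, then one listing block per category holding either "(No malicious items detected)" or "<target> (<threat>) -> <action>." lines. Note that the third log declares "Files Infected: 17" but lists only 11 items, so the posted copy is incomplete. The parser below is an added example, not part of the thread and not Malwarebytes' own code; it turns a log in that format into structured detections, tallies threats by name, and reports any category whose declared count differs from the number of lines actually listed. The sample log embedded in it is constructed to mimic the posted format; its paths and registry key are placeholders, not values from this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the same layout as the logs posted in the thread.
# Paths and the registry key are placeholders; "Files Infected: 3" is
# deliberately one higher than the two listed lines to exercise the count check.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4583

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-09-09 19:58:30
mbam-log-2010-09-09 (19-58-30).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 1000
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\EXAMPLEKEY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\example.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Osorterat\example.exe (Backdoor.Zapchast) -> Quarantined and deleted successfully.
"""

# "Files Infected: 3" (summary, with a number) vs "Files Infected:" (listing header).
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:\s*(\d+)?\s*$"
)
# "<target> (<threat>) -> <action>."  The threat name never contains parentheses,
# so a target path such as "Program Files (x86)\..." is still captured whole.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
TIMESTAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$")


@dataclass
class Detection:
    category: str   # e.g. "Files", "Registry Keys"
    target: str     # file path or registry key
    threat: str     # Malwarebytes detection name, e.g. "Trojan.FakeAlert"
    action: str     # e.g. "Quarantined and deleted successfully"


@dataclass
class MbamReport:
    header: dict = field(default_factory=dict)       # "Database version", "Scan type", ...
    counts: dict = field(default_factory=dict)       # declared per-category counts
    detections: list = field(default_factory=list)   # Detection objects in log order


def parse_mbam_log(text: str) -> MbamReport:
    """Parse one Malwarebytes' Anti-Malware 1.x text log into a report."""
    report = MbamReport()
    current = None  # category whose listing block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            name, declared = sec.group(1), sec.group(2)
            if declared is not None:
                report.counts[name] = int(declared)   # summary block line
                current = None
            else:
                current = name                        # listing block header
            continue
        if current is not None:
            item = ITEM_RE.match(line)
            if item:  # "(No malicious items detected)" does not match and is skipped
                report.detections.append(
                    Detection(current, item["target"], item["threat"], item["action"])
                )
            continue
        # Still in the header block: keep "key: value" lines and the scan timestamp.
        if TIMESTAMP_RE.match(line):
            report.header["Timestamp"] = line
        elif ":" in line:
            key, _, value = line.partition(":")
            report.header[key.strip()] = value.strip()
    return report


def check_counts(report: MbamReport) -> dict:
    """Return {category: (declared, listed)} for every category whose counts disagree.
    A non-empty result means the log is truncated or was edited before posting."""
    listed = Counter(d.category for d in report.detections)
    return {
        cat: (declared, listed[cat])
        for cat, declared in report.counts.items()
        if declared != listed[cat]
    }


def threats_by_name(report: MbamReport) -> dict:
    """Tally detections by Malwarebytes threat name."""
    return dict(Counter(d.threat for d in report.detections))


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("scan:", rep.header.get("Timestamp"), rep.header.get("Scan type"))
    for d in rep.detections:
        print(f"[{d.category}] {d.threat}: {d.target} -> {d.action}")
    print("threats:", threats_by_name(rep))
    print("count mismatches:", check_counts(rep))
```

Running it on the pasted text of the third log above would report Files as (17, 11), the quickest way to notice that a helper was handed an incomplete log before acting on it.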
     
  7. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Mathias Svensson at 13:12:31,37 on 2010-09-10
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT 2:00]

    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\afwServ.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Registry Mechanic2\RegMech.exe
    C:\Program Files\Personal\bin\Personal.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Mathias Svensson\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
    BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [RegistryMechanic] c:\program files\registry mechanic2\RegMech.exe /H
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    StartupFolder: c:\docume~1\mathia~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\personal.lnk - c:\program files\personal\bin\Personal.exe
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mathia~1\applic~1\mozilla\firefox\profiles\yaka3xjr.default\
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\personal\bin\np_prsnl.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-9-9 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-9-9 190416]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-9-9 99792]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-9 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-9 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-9 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-9 40384]
    R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-9-9 119200]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-9 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-9 40384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 136176]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\spel\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-8-6 100736]

    =============== Created Last 30 ================

    2010-09-09 18:55:09 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-09-09 18:55:08 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-09-09 18:54:57 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-09-09 18:54:41 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-09 18:54:41 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2010-09-09 18:54:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-09-09 18:48:19 0 d-----w- c:\program files\Registry Mechanic2
    2010-09-04 13:09:39 0 d-----w- c:\docume~1\mathia~1\applic~1\Spotify
    2010-09-04 13:09:38 0 d-----w- c:\program files\Spotify
    2010-09-04 12:56:55 0 d-----w- c:\docume~1\mathia~1\applic~1\Malwarebytes
    2010-09-04 12:56:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-04 12:56:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-04 12:56:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-04 12:56:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-03 08:54:48 0 d-----w- c:\program files\Trend Micro
    2010-09-01 17:16:17 0 d-sha-r- C:\cmdcons
    2010-08-31 21:26:35 0 d-----w- c:\windows\system32\wbem\snmp
    2010-08-31 21:26:34 0 d-----w- c:\windows\system32\xircom
    2010-08-31 21:26:34 0 d-----w- c:\program files\msn gaming zone
    2010-08-31 21:12:27 98816 ----a-w- c:\windows\sed.exe
    2010-08-31 21:12:27 77312 ----a-w- c:\windows\MBR.exe
    2010-08-31 21:12:27 256512 ----a-w- c:\windows\PEV.exe
    2010-08-31 21:12:27 161792 ----a-w- c:\windows\SWREG.exe
    2010-08-31 20:31:35 5 ----a-w- C:\zrpt.xml
    2010-08-22 14:32:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Boss Media
    2010-08-22 14:32:50 0 d-----w- C:\Casino
    2010-08-22 12:01:13 0 d-----w- c:\program files\PokerStars
    2010-08-19 15:20:08 299520 ----a-w- c:\windows\uninst.exe
    2010-08-19 15:19:26 0 d-----w- c:\documents and settings\mathias svensson\WINDOWS
    2010-08-13 17:28:38 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-08-13 17:28:38 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-08-13 17:28:37 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-08-13 17:28:37 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-08-13 17:28:36 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-08-13 17:28:36 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-08-13 17:28:36 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-08-13 17:28:36 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

    ==================== Find3M ====================

    2010-04-06 20:30:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010040620100407\index.dat

    ============= FINISH: 13:12:45,34 ===============
     
  8. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    ==== Event Viewer Messages From Past Week ========

    9/9/2010 8:56:38 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    9/5/2010 10:24:53 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    9/4/2010 3:31:30 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    9/10/2010 12:59:21 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    9/10/2010 12:43:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips SASDIFSV SASKUTIL
    9/10/2010 1:07:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    9/10/2010 1:07:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Firewall service.

    ==== End Of File ===========================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000000fd

    Kernel Drivers (total 127):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F79000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F68000 pci.sys
    0xB80A8000 ohci1394.sys
    0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB80C8000 isapnp.sys
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB80D8000 MountMgr.sys
    0xB7F49000 ftdisk.sys
    0xB85AC000 dmload.sys
    0xB7F23000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80E8000 VolSnap.sys
    0xB7F0B000 atapi.sys
    0xB80F8000 disk.sys
    0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7EEB000 fltMgr.sys
    0xB7ED9000 sr.sys
    0xB8118000 PxHelp20.sys
    0xB7EC2000 KSecDD.sys
    0xB7EAF000 WudfPf.sys
    0xB7E22000 Ntfs.sys
    0xB7DF5000 NDIS.sys
    0xB7DC8000 aswNdis2.sys
    0xB85AE000 aswNdis.sys
    0xB7DAE000 Mup.sys
    0xB8158000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xB53A3000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB538F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB5377000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xB8380000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB5353000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8388000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8168000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB8178000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB8188000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB5330000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB5308000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8198000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB83A8000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB81A8000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB8568000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB52F4000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB81B8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB83B8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB8684000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB81C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB8574000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB52DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB81D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB81E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB83D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB52A4000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB81F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB83E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB83F8000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB51D4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8208000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB8408000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB85B4000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB5176000 \SystemRoot\system32\DRIVERS\update.sys
    0xB8594000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8218000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
    0xB8228000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB8258000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB85BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB2BC5000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB2BA1000 \SystemRoot\system32\drivers\portcls.sys
    0xB8268000 \SystemRoot\system32\drivers\drmk.sys
    0xB8428000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB85C6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB870C000 \SystemRoot\System32\Drivers\Null.SYS
    0xB85CA000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB8448000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB8450000 \SystemRoot\System32\drivers\vga.sys
    0xB85CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB8460000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB8470000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8590000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB2B1E000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB2AC5000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB2AAE000 \SystemRoot\System32\Drivers\aswFW.SYS
    0xB2A88000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB8288000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB5156000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB8298000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB82A8000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB82B8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB2998000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB5D66000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB2976000 \SystemRoot\System32\drivers\afd.sys
    0xB82C8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB2954000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xB8488000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB2929000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB28B9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB82E8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB2892000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xB2839000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xB8340000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xB8318000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB27F9000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB85E8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB2A84000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB8398000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB875C000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB25DD000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xB2529000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB229A000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB1DFD000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB21C2000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB1A66000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB8628000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB19C4000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB8440000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xB168B000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB0B7A000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 40):
    0 System Idle Process
    4 System
    1008 C:\WINDOWS\system32\smss.exe
    1064 csrss.exe
    1088 C:\WINDOWS\system32\winlogon.exe
    1140 C:\WINDOWS\system32\services.exe
    1152 C:\WINDOWS\system32\lsass.exe
    1308 C:\WINDOWS\system32\nvsvc32.exe
    1368 C:\WINDOWS\system32\svchost.exe
    1464 svchost.exe
    1588 C:\WINDOWS\system32\svchost.exe
    1632 C:\WINDOWS\system32\svchost.exe
    1736 svchost.exe
    1884 svchost.exe
    1948 C:\Program Files\Alwil Software\Avast5\afwServ.exe
    188 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    268 C:\WINDOWS\explorer.exe
    440 C:\Program Files\Unlocker\UnlockerAssistant.exe
    448 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    468 C:\WINDOWS\system32\rundll32.exe
    484 C:\WINDOWS\RTHDCPL.exe
    1228 C:\Program Files\Winamp\winampa.exe
    1404 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    1412 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1456 C:\WINDOWS\system32\ctfmon.exe
    1512 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1532 C:\Program Files\Registry Mechanic2\RegMech.exe
    1548 C:\Program Files\Personal\bin\Personal.exe
    1608 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    1696 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    800 C:\WINDOWS\system32\spoolsv.exe
    1716 C:\Program Files\Java\jre6\bin\jqs.exe
    276 C:\WINDOWS\system32\PnkBstrA.exe
    3060 alg.exe
    3796 C:\WINDOWS\system32\svchost.exe
    3892 C:\WINDOWS\system32\wuauclt.exe
    872 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    1820 C:\Program Files\Mozilla Firefox\firefox.exe
    2864 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3140 C:\Documents and Settings\Mathias Svensson\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000004`e22d6a00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive1 Model Number: SAMSUNGHD080HJ, Rev: WT100-33
    PhysicalDrive2 Model Number: SAMSUNGSP2504C, Rev: VT100-33
    PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAK
    PhysicalDrive3 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    232 GB \\.\PhysicalDrive2 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    465 GB \\.\PhysicalDrive3 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  11. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    ComboFix 10-09-09.04 - Mathias Svensson 2010-09-11 10:20:01.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1596 [GMT 2:00]
    Running from: c:\documents and settings\Mathias Svensson\Desktop\ComboFix.exe
    AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .

    2010-09-09 18:55 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-09 18:55 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-09 18:55 . 2010-09-07 14:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-09-09 18:55 . 2010-09-07 14:54 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-09-09 18:54 . 2010-09-07 14:53 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-09-09 18:54 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-09 18:54 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-09 18:54 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-09 18:54 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-09 18:54 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-09 18:54 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-09 18:54 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-09 18:54 . 2010-09-07 14:24 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2010-09-09 18:54 . 2010-09-09 18:54 -------- d-----w- c:\program files\Alwil Software
    2010-09-09 18:54 . 2010-09-09 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-09-09 18:48 . 2010-09-09 18:49 -------- d-----w- c:\program files\Registry Mechanic2
    2010-09-04 13:57 . 2010-09-04 13:57 46852 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-09-04 13:09 . 2010-09-10 16:56 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Spotify
    2010-09-04 13:09 . 2010-09-10 16:56 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Spotify
    2010-09-04 13:09 . 2010-09-04 13:09 655360 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
    2010-09-04 13:09 . 2010-09-04 13:09 282624 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
    2010-09-04 13:09 . 2010-09-04 13:09 208896 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
    2010-09-04 13:09 . 2010-09-04 13:09 -------- d-----w- c:\program files\Spotify
    2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Malwarebytes
    2010-09-04 12:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-04 12:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-03 08:54 . 2010-09-03 08:54 -------- d-----w- c:\program files\Trend Micro
    2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\windows\system32\wbem\snmp
    2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\windows\system32\xircom
    2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\program files\microsoft frontpage
    2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Boss Media
    2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Boss Media
    2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- C:\Casino
    2010-08-22 12:01 . 2010-08-26 16:47 -------- d-----w- c:\program files\PokerStars
    2010-08-21 13:21 . 2010-07-16 09:38 711168 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307a-1007160-0-main.dll
    2010-08-21 13:21 . 2010-08-21 13:21 348160 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    2010-08-19 15:20 . 1997-01-18 08:40 299520 ----a-w- c:\windows\uninst.exe
    2010-08-19 15:19 . 2010-08-19 15:19 -------- d-----w- c:\documents and settings\Mathias Svensson\WINDOWS
    2010-08-18 19:09 . 2010-08-18 19:09 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Fallout3
    2010-08-18 18:55 . 2010-08-18 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
    2010-08-18 18:55 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
    2010-08-16 19:51 . 2010-08-16 19:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Temp
    2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-08-16 19:46 . 2010-08-16 19:47 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Google
    2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\program files\Google
    2010-08-13 17:29 . 2010-08-13 17:29 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\2K Games
    2010-08-13 17:28 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-08-13 17:28 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-08-13 17:28 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-08-13 17:28 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-08-13 17:28 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-08-13 17:28 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-08-13 17:28 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-08-13 17:28 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-11 08:06 . 2010-06-10 18:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-10 20:21 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\uTorrent
    2010-09-09 16:23 . 2010-06-10 15:07 63488 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-09 16:23 . 2010-06-10 15:07 117760 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-04 12:52 . 2010-05-30 21:46 -------- d-----w- c:\program files\Family Toolbar
    2010-09-04 12:52 . 2010-04-06 21:58 -------- d-----w- c:\program files\Ask.com
    2010-09-03 17:45 . 2010-05-21 19:58 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\vlc
    2010-09-03 17:14 . 2010-05-24 16:51 1 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-09-01 17:26 . 2010-04-06 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-08-19 14:06 . 2010-06-30 10:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-19 13:10 . 2010-05-01 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-08-18 18:55 . 2010-04-06 20:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-17 14:03 . 2010-04-06 20:57 0 ----a-w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\prvlcl.dat
    2010-08-06 12:36 . 2010-08-06 12:36 503808 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\msvcp71.dll
    2010-08-06 12:36 . 2010-08-06 12:36 499712 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\jmc.dll
    2010-08-06 12:36 . 2010-08-06 12:36 348160 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\msvcr71.dll
    2010-08-06 12:35 . 2010-08-06 12:35 61440 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31fe826a-n\decora-sse.dll
    2010-08-06 12:35 . 2010-08-06 12:35 12800 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31fe826a-n\decora-d3d.dll
    2010-08-06 12:14 . 2010-08-06 12:13 -------- d-----w- c:\program files\Telia mobile broadband
    2010-07-26 15:08 . 2010-07-26 15:08 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Personal
    2010-07-26 15:08 . 2010-07-26 15:08 -------- d-----w- c:\program files\Personal
    2010-07-23 21:21 . 2010-07-23 20:52 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\.minecraft
    2010-07-23 21:06 . 2010-07-23 21:06 -------- d-----w- c:\program files\Fiddler2
    2010-07-20 16:20 . 2010-07-20 16:20 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
    2010-07-20 16:20 . 2010-07-20 16:20 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
    2010-07-20 16:20 . 2010-07-20 16:20 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-20 16:20 . 2010-07-20 16:20 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-13 18:39 . 2010-04-06 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-17 08:34 . 2010-05-27 08:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
    .

    ------- Sigcheck -------

    [-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2008-04-14 . 0F998AF1008EF258141CBEAEB4F4FF35 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

    [-] 2008-04-14 . F5A2A55404DC7EE5B6D229374D28E515 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-08-31_21.27.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2010-09-11 07:59 . 2010-09-11 07:59 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
    + 2010-09-09 18:48 . 1996-01-12 15:00 24576 c:\windows\system32\STKIT432.DLL
    + 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2010-09-09 18:54 . 2010-09-09 18:54 219648 c:\windows\Installer\1c506c4.msi
    + 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
    "RegistryMechanic"="c:\program files\Registry Mechanic2\RegMech.exe" [2009-06-23 2836376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "nltide_3"="advpack.dll" [2008-06-19 124928]

    c:\documents and settings\Mathias Svensson\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Personal.lnk - c:\program files\Personal\bin\Personal.exe [2010-7-26 939536]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
     
  12. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Beat Hazard\\BeatHazard.exe"=
    "h:\\Spel\\Dragon Age\\bin_ship\\daorigins.exe"=
    "h:\\Spel\\Dragon Age\\DAOriginsLauncher.exe"=
    "h:\\Spel\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "g:\\WoW\\wow1\\Launcher.exe"=
    "h:\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "h:\\Steam\\steamapps\\msvensson87\\team fortress 2\\hl2.exe"=
    "h:\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "g:\\spel\\StarCraft II\\StarCraft II.exe"=
    "g:\\spel\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "c:\\Documents and Settings\\Mathias Svensson\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "h:\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "h:\\Steam\\steamapps\\mustard87\\garrysmod\\hl2.exe"=
    "h:\\Steam\\steamapps\\mustard87\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "h:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [9/9/2010 8:54 PM 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [9/9/2010 8:54 PM 190416]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [9/9/2010 8:55 PM 99792]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/9/2010 8:55 PM 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/9/2010 8:55 PM 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 8:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 8:41 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2010 8:55 PM 17744]
    S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [9/9/2010 8:54 PM 119200]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2010 9:46 PM 136176]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\spel\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 10:07 PM 25832]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [8/6/2010 2:13 PM 100736]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/15/2010 10:33 AM 691696]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    2008-06-19 20:42 124928 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:46]

    2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:46]

    2010-09-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    FF - ProfilePath - c:\documents and settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-299502267-1972579041-682003330-1004\Software\SecuROM\License information*]
    "datasecu"=hex:d0,e1,b6,f9,b1,88,f2,93,07,c8,5f,3b,64,5e,a7,d0,72,9c,2e,d9,fa,
    07,65,ce,16,99,6b,38,23,b6,0e,2d,2e,4d,c7,2b,c0,62,d6,d4,73,4d,09,ff,d3,b4,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @DACL=(02 0000)
    @="Wireless"
    "ProcessGroupPolicy"="ProcessWIRELESSPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @DACL=(02 0000)
    @="Folder Redirection"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "DllName"=expand:"fdeploy.dll"
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @DACL=(02 0000)
    @="Microsoft Disk Quota"
    "NoMachinePolicy"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "RequiresSuccessfulRegistry"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000000
    "DllName"=expand:"dskquota.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicy"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @DACL=(02 0000)
    @="QoS Packet Scheduler"
    "ProcessGroupPolicy"="ProcessPSCHEDPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
     
  13. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @DACL=(02 0000)
    @="Scripts"
    "ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"
    "NoSlowLink"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "NotifyLinkTransition"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @DACL=(02 0000)
    @="Internet Explorer Zonemapping"
    "DllName"=expand:"iedkcs32.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
    "NoGPOListChanges"=dword:00000001
    "RequiresSucessfulRegistry"=dword:00000001
    "DisplayName"=expand:"@iedkcs32.dll,-3051"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000001
    "MaxNoGPOListChangesInterval"=dword:000003c0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    @DACL=(02 0000)
    @="Internet Explorer Branding"
    "DisplayName"=expand:"@iedkcs32.dll,-3014"
    "DllName"="iedkcs32.dll"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "RequiresSuccessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    @DACL=(02 0000)
    @="802.3 Group Policy"
    "DisplayName"=expand:"@dot3gpclnt.dll,-100"
    "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
    "GenerateGroupPolicy"="GenerateLANPolicy"
    "DllName"=expand:"dot3gpclnt.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
    @DACL=(02 0000)
    @="Microsoft Offline Files"
    "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000000
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @DACL=(02 0000)
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "RequiresSucessfulRegistry"=dword:00000000
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @DACL=(02 0000)
    @="IP Security"
    "ProcessGroupPolicy"="ProcessIPSECPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    @DACL=(02 0000)
    "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
    "Logon"="SABWINLOLogon"
    "Logoff"="SABWINLOLogoff"
    "Startup"="SABWINLOStartup"
    "Shutdown"="SABWINLOShutdown"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    @DACL=(02 0000)
    "DLLName"="avgrsstx.dll"
    "Startup"="AvgStartup"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    @DACL=(02 0000)
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000001
    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
    "Startup"="WlDimsStartup"
    "Shutdown"="WlDimsShutdown"
    "Logon"="WlDimsLogon"
    "Logoff"="WlDimsLogoff"
    "StartShell"="WlDimsStartShell"
    "Lock"="WlDimsLock"
    "Unlock"="WlDimsUnlock"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    @DACL=(02 0000)
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=expand:"sclgntfy.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    @DACL=(02 0000)
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
    @DACL=(02 0000)
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000
    "ASPNET"=dword:00000000
    .
    Completion time: 2010-09-11 10:34:51
    ComboFix-quarantined-files.txt 2010-09-11 08:34
    ComboFix2.txt 2010-09-01 17:21
    ComboFix3.txt 2010-09-01 17:04
    ComboFix4.txt 2010-08-31 21:29

    Pre-Run: 514,473,984 bytes free
    Post-Run: 664,113,152 bytes free

    - - End Of File - - 2DA74FC73E53E223F4CD17D3C8282A9D
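    The Winlogon\Notify keys in the dump above are the registry's list of DLLs that winlogon.exe loads and calls on logon, logoff, startup and similar events, so they are a routine persistence check whenever winlogon.exe itself is being flagged by a scanner. The Python script below is an added example for this thread (it is not part of ComboFix, SystemLook or any of the posts) that parses such a dump and flags packages whose DLL is not one of the stock Windows XP notification DLLs, or is loaded from outside System32. The stock-DLL set is an assumption used for illustration; the sample dump is an excerpt of the log above.

```python
"""Triage Winlogon\\Notify packages from a ComboFix-style registry dump.

Added example for this thread, not part of ComboFix or of the original posts.
Every subkey under Winlogon\\Notify names a DLL that winlogon.exe (running as
SYSTEM) loads and calls on the listed events, which makes the key a standard
persistence check.  The sample dump is an excerpt of the log above; the set
of stock Windows XP notification DLLs is an assumption used for illustration.
"""
import re

NOTIFY_PREFIX = (r"HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT"
                 r"\CurrentVersion\Winlogon\Notify" + "\\")

# Assumption: notification DLLs that ship with Windows XP SP3.
STOCK_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "dimsntfy.dll",
              "wlnotify.dll", "sclgntfy.dll"}

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="value" or "Name"=expand:"value"; dword lines do not match and are ignored
STRING_RE = re.compile(r'^"([^"]+)"=(expand:)?"(.*)"$')

# Excerpt of the dump posted above.  Lines that are not name=value pairs
# (the @DACL annotations) are skipped by the parser.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Startup"="SABWINLOStartup"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
@DACL=(02 0000)
"DLLName"="avgrsstx.dll"
"Startup"="AvgStartup"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Logon"="WlDimsLogon"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"""


def parse_notify_dump(text):
    """Return one dict per Winlogon\\Notify subkey: subkey, dll, events."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            name = key.group(1)
            if name.lower().startswith(NOTIFY_PREFIX.lower()):
                current = {"subkey": name[len(NOTIFY_PREFIX):], "dll": None, "events": {}}
                entries.append(current)
            else:
                current = None          # some other key: stop collecting
            continue
        value = STRING_RE.match(line)
        if current is None or not value:
            continue
        name, _, data = value.groups()
        data = data.replace("\\\\", "\\")   # undo .reg-style escaping
        if name.lower() == "dllname":       # casing varies: DllName / DLLName
            current["dll"] = data
        else:
            current["events"][name] = data  # e.g. Logon -> exported function
    return entries


def assess(entry):
    """Flags for one package; an empty list means nothing stood out."""
    dll = entry["dll"]
    if dll is None:
        return ["no DllName value"]
    folder, _, base = dll.rpartition("\\")
    flags = []
    if base.lower() not in STOCK_DLLS:
        flags.append("non-stock DLL: " + base.lower())
    # A bare file name is resolved by the loader from winlogon's own directory
    # (System32); an explicit path elsewhere loads third-party code into
    # winlogon and should be matched against an installed, signed product.
    if folder and not folder.lower().endswith("system32"):
        flags.append("loaded from outside System32: " + folder)
    return flags


def review(text):
    """Map each flagged subkey to (dll, flags)."""
    out = {}
    for entry in parse_notify_dump(text):
        flags = assess(entry)
        if flags:
            out[entry["subkey"]] = (entry["dll"], flags)
    return out


if __name__ == "__main__":
    for subkey, (dll, flags) in review(SAMPLE_DUMP).items():
        print("%s -> %s\n    %s" % (subkey, dll, "; ".join(flags)))
```

    On the excerpt the two flagged packages are SUPERAntiSpyware's SASWINLO.DLL and the AVG avgrsstx.dll entry. Both belong to security products the poster has used, so a flag here means "confirm the file is present, signed and matches an installed product", not "malware": a Notify entry left behind by an uninstalled product is inert if its DLL is gone, but an entry whose DLL has been replaced is exactly the kind of thing the check exists to catch.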
     
  14. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    It found the infections and attempted to fix them, but according to Avast they are still infected.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Uninstall Registry Mechanic.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    Uninstall Ask.com, as it's considered adware.

    ========================================================================

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      explorer.exe
      winlogon.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    =====================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\All Users\Application Data\avg9
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  16. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    SystemLook 04.09.10 by jpshortstuff
    Log created at 22:15 on 11/09/2010 by Mathias Svensson
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "explorer.exe"
    C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:00 14/04/2008] [12:00 14/04/2008] F5A2A55404DC7EE5B6D229374D28E515

    Searching for "winlogon.exe"
    C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [12:00 14/04/2008] [12:00 14/04/2008] (Unable to calculate MD5)

    -= EOF =-
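    Broni's SystemLook step asks for every copy of explorer.exe and winlogon.exe with size, timestamps and MD5, and the log above is the result. The Python script below is an added example for this thread (not part of SystemLook or of the posts) that parses a :filefind log of this shape and flags the two things an analyst checks first: a copy of a system binary outside its expected folder, and a file whose MD5 SystemLook could not compute, which is what happened to winlogon.exe here. It can also compare the hashes against a known-good set the analyst supplies. The expected-folder table is an assumption; the sample log is copied from the post above, with one constructed hit (an explorer.exe under Application Data with an all-zero hash) added so that the folder check has something to flag.

```python
"""Triage a SystemLook ':filefind' log for a system binary.

Added example for this thread, not part of SystemLook or of the original
posts.  The sample log is the one posted above plus one constructed hit
(the explorer.exe copy under Application Data, all-zero hash) so that the
folder check has something to flag.  EXPECTED_FOLDER is an assumption.
"""
import re

EXPECTED_FOLDER = {                      # assumption: Windows XP default layout
    "explorer.exe": r"c:\windows",
    "winlogon.exe": r"c:\windows\system32",
}
FLAG_NO_MD5 = "MD5 not computed: file locked or unreadable, hash it from offline media"
FLAG_BAD_FOLDER = "copy outside the expected folder"
FLAG_HASH_MISMATCH = "MD5 not in the supplied known-good set"

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"                 # drive path, may contain spaces
    r"(?P<attrs>[-A-Za-z]{7})\s+"                   # attribute field such as --a----
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

# Log posted above; the second explorer.exe line is constructed for the demo.
SAMPLE_LOG = r"""SystemLook 04.09.10 by jpshortstuff
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:00 14/04/2008] [12:00 14/04/2008] F5A2A55404DC7EE5B6D229374D28E515
C:\Documents and Settings\All Users\Application Data\explorer.exe --a---- 1033728 bytes [12:00 14/04/2008] [12:00 14/04/2008] 00000000000000000000000000000000

Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [12:00 14/04/2008] [12:00 14/04/2008] (Unable to calculate MD5)

-= EOF =-
"""


def parse_filefind(text):
    """Return one dict per hit: name, path, folder, size, created, modified, md5."""
    hits, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        search = SEARCH_RE.match(line)
        if search:
            current = search.group("name").lower()
            continue
        hit = HIT_RE.match(line)
        if hit and current:
            md5 = hit.group("md5")
            hits.append({
                "name": current,
                "path": hit.group("path"),
                "folder": hit.group("path").rpartition("\\")[0].lower(),
                "size": int(hit.group("size")),
                "created": hit.group("created"),
                "modified": hit.group("modified"),
                "md5": None if md5.startswith("(") else md5.upper(),
            })
    return hits


def assess_hit(hit, known_good=None):
    """Flags for one hit.  known_good maps file name -> set of acceptable MD5s."""
    flags = []
    expected = EXPECTED_FOLDER.get(hit["name"])
    if expected and hit["folder"] != expected:
        flags.append(FLAG_BAD_FOLDER)
    if hit["md5"] is None:
        flags.append(FLAG_NO_MD5)
    elif known_good and hit["name"] in known_good \
            and hit["md5"] not in {h.upper() for h in known_good[hit["name"]]}:
        flags.append(FLAG_HASH_MISMATCH)
    return flags


def triage(text, known_good=None):
    """List (path, flags) for every hit that raised at least one flag."""
    result = []
    for hit in parse_filefind(text):
        flags = assess_hit(hit, known_good)
        if flags:
            result.append((hit["path"], flags))
    return result


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG):
        print(path)
        for flag in flags:
            print("    " + flag)
```

    The "Unable to calculate MD5" result on winlogon.exe deserves to be treated as a finding in its own right rather than a glitch: the log shows SystemLook ran elevated, so a plain permissions problem is unlikely, and a running system binary that cannot be opened for reading is one of the ways a file guarded by active malware presents. The practical follow-up is to hash the file from offline media (a rescue CD or a slaved disk) and compare it with the copy on the install media or from a clean machine of the same service pack.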
     
  17. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    ComboFix 10-09-11.02 - Mathias Svensson 2010-09-11 22:46:02.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1445 [GMT 2:00]
    Running from: c:\documents and settings\Mathias Svensson\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Mathias Svensson\Desktop\CFScript.txt
    AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\avg9
    c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\userall.cfg
    c:\documents and settings\All Users\Application Data\avg9\emc\Log\emc.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsrmacstat.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsrmacstat.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log
    c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log
    c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\history.xml
    c:\documents and settings\All Users\Application Data\avg9\Log\vault.log
    c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.lock
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000001.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000005.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000006.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000007.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\srm.idx
    c:\documents and settings\All Users\Application Data\avg9\Temp\02323eb2-3fcf-48f0-9369-9a1efc15e1a7-22c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\054dffb7-d884-41f9-b7bc-5f13d2f1b382-8dc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\085c18e8-dc85-4dc0-90f5-3a3c330c36c9-228-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\08b95cc1-5834-495c-8200-649598bcf7be-9b8-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\0a013544-471a-4c78-8ede-e6d42841688a-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\0c43acf6-7802-42bd-a8a5-a23ab7a615c6-760-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\0e884cd9-5373-4904-9df0-10197103b0ed-4e8-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\0ed625f4-4064-4d46-b027-8e2201c1d74a-2e0-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\0f5e8ddd-c438-44ca-bae5-231b8ce2d15c-a68-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\0fc8c6bd-b03d-4503-8ce6-a6e84d91a14c-500-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\1261fa4d-ea84-4435-90b9-828944cf67a9-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\14751035-58ec-46c6-ac97-afcbc0b838ac-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\1543cde3-b280-4350-ad8e-f0e9cd26c2e5-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\183c2cf2-caf9-4b36-aff9-28e3c710cb86-698-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\1872d834-a343-4e57-ac93-1bf73b5be866-534-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\1b6ad8a8-5a93-40f0-99d0-0a6c86276967-1b4-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\1cf5bfd6-decb-442a-99ba-40628c507133-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\1cfa25c1-42b1-4ef8-9b73-145fa552023a-4f8-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\1e55f963-9366-4898-a5e6-1718ca4226c5-274-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\1f865f9c-ba4b-49ef-8db3-f11a23eb9d59-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\20ea8c58-d0ff-488c-a2ff-bfe81e9b38d4-2a4-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\23b80dc2-baff-45cf-a061-b36b667cdbcb-8ec-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\241aadc4-7d03-4f03-8cb1-f24d55a76053-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\24898093-2113-4a5f-b2c5-9964dbdfcd83-5c8-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\28aff406-de1f-44df-8c25-ea9b3844a467-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\31113379-d4ad-4ad8-b937-08a6cebd69ea-58c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\3159077d-d024-4d33-acd2-5fa9260eec81-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\3262804b-eabb-4c58-8b3f-6d7515bd1f1c-20c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\329e31a4-b37f-415f-a776-868dc274e0c1-5ec-oopp.tmp
     
  18. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    c:\documents and settings\All Users\Application Data\avg9\Temp\352a2abb-c816-4b4f-bedd-eb71434ba769-760-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\355fdde3-03fd-4fa9-b902-e76906b54430-4fc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\39a17fd1-8715-4d2c-a4ef-a99ccdca12b2-820-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\3aadeba0-a4dd-48a4-b222-344a94c4fe24-21c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\3d303110-7824-4500-889a-128e1f4c58eb-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\3d698be8-7bf3-452f-a051-5a5bf77b5930-920-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\3fed2ff3-bb18-4459-8aec-170e6f6e3fce-82c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\4025549f-e785-46b6-b1bd-8c785ca42212-a64-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\403a5946-53a2-46d3-abd7-66f44f1f3ea3-23c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\41dc8c68-bbfb-414e-bb2d-dd28dfdfa280-500-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\43b64498-93f1-4754-bb9f-18ee9c300a68-62c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\452c64e3-1cc4-47fa-9b3b-822beaedd050-840-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\4838e1ed-612a-4286-9268-6b80935457ec-a48-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\4973e37f-d586-44c6-bd53-54768efef009-3b4-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\4a54965f-48eb-4ab9-8594-8120fd688e9a-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\4b29b1e0-6c32-4f9c-b696-1e034943e19a-514-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\4c51425d-7564-46a2-9b57-db106114bc6f-254-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\4cb1738a-a3ed-4ef3-8b8c-dddb80671af7-9e0-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\537f25e3-0a22-4371-867b-71bcc4a216c1-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\59ab37f8-b4f2-4393-9e49-16b7e887c5aa-4fc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5ac2024f-ee6b-4529-a345-226e8b24bf30-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5ac3fb69-8cce-43f1-a4ba-198a3d043f49-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5adce29d-b584-4330-9abf-18e2b59810b0-24c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5b11f36c-11a2-4c17-9c9c-dd88b07170e0-550-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5b7562e0-cb49-4f7b-9a37-a4041d92a40a-250-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5ca25f2e-9afd-4287-bf3d-3ff39c858fcd-640-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5ce21424-30c4-4d90-9da5-b30ab12a1e14-984-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5ce49268-3129-4b46-93d1-54062d322cce-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5d51aedb-b575-4c00-9b89-f1d019fccedc-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\5fd5d36a-e3f1-4cda-8109-a913e470411f-500-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\62521876-fc79-44ce-a13f-90cd388332e5-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\639e5817-87dc-42f4-82fb-565e6c807c12-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\63f61329-d387-479f-bd1f-7ad89e1ce2c4-840-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\64a5b7ef-2b3c-4bad-abd2-a74251ef5f21-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\65d250b6-51c9-4852-8460-64beee5624dd-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\6684b62d-9044-44dc-badd-ef38cfe4899e-260-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\6e2e2972-1a09-45b9-82dc-1d20f742a0b2-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\708d4428-d37d-43e1-94b2-222983d8a11a-50c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\782e89f0-80f3-4717-9079-73537e0edaee-4fc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\7b17abe4-cc0a-4159-a97e-e473f3a1fbef-a54-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\7c3946bf-2a5a-42ab-a27e-d48023363500-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\8181d495-1770-4a0d-aa83-9b5de901f419-570-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\81c89283-3253-4358-ab3b-df281e7d8ffb-234-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\83b06096-5272-46a1-bfc6-3b2f8f2ad44f-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\8415a26d-2468-41ae-bfbf-115453b272c9-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\88980d73-e1eb-428c-ad7f-dbffdd92f10f-63c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\8a76ad43-41b4-444c-bfb5-54a691ddbffc-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\8dfff3ea-7e86-42b4-af0a-442aadb459e9-4c0-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\907ab9b2-97aa-4cf3-9914-8ae685c03bf6-860-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\9286465d-8091-438d-9d75-467765cbf2a5-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\9467d73b-a59b-4ee1-91fb-bd297cb2b432-504-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\9511861e-5bc7-40bd-8e3f-2d1632840dab-4f4-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\9585c0d8-62bd-45e6-b60c-a82bd1be0ae2-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\97c82dc4-9e65-4e97-8e94-b1fc2b98cf61-568-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\98afe6c1-dcf0-47cf-b03d-f9ca79712d00-50c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\9cb18581-14f3-408f-af1b-e1209ea1908b-830-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\9eaca4c6-eebb-460e-9ce3-ac23f5c8a96d-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\9ed8fc08-a8ee-4128-9e46-e145ac331cd4-814-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\a0fa0d9f-fd55-4695-92ed-184efac0fdcd-9b8-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\a5d5432a-4b1a-4a50-afac-5e77096de4c8-540-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\a8f1ae1d-8df5-46a7-b956-34e98f3a97d4-608-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\ab9dc5c3-1816-4851-9ad3-5cd4e1516a55-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\acf4774d-5a74-4363-9a70-274cb6dd6835-234-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\af706299-c015-4384-b06e-e4275ded19b1-640-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\af936c89-ab88-4535-ab37-01c87320fde5-570-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\b08c1264-322d-4d7a-acc8-4a75515b5063-40c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\b1c520b5-b567-406c-a133-5cf59d40b1be-91c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\b20df96c-dce3-43c4-8035-4e88b83b6ae3-8fc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\b5f0cbc9-929b-4043-901b-58760f1b627d-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\b60e72ae-adcb-4382-8cde-4ac9f3b61e7e-538-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\b6253172-344f-4542-a0b3-a92b2a8a7ed9-9cc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\b9a5b9e4-598b-46a0-98bc-58d9894e2b01-594-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\bf2e6b8c-4c90-4c4e-b50f-c502da98bba9-868-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\bf74d94d-7235-4a1e-9aa9-242f0d25b6a4-5d8-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c01ffce8-5080-4839-97bd-7be379399ef2-500-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c0514520-5987-4de8-9551-43a8bbeb93a1-508-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c06bc6d3-be79-44a2-b69d-ef9836415d80-63c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c2a192c4-11ad-4f8b-8d00-2e421d771cc2-34c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c2d04868-1ac3-4e57-98a4-48755089b327-5b0-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c3a6533c-e52e-456e-88dc-27df18ba9f83-644-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c3cf8446-1074-43a4-b6fd-217ec0de0480-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c50089b1-9e9a-4c73-b678-42a6dff3ab1a-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c5cd1af6-4eef-4022-ac6a-ceb7eee3e918-b10-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\c9248d54-ac8d-40f2-8d7b-e1d052d07a7c-534-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\cc55b2a1-ec34-42c4-bbe2-bee46f460bd1-234-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\cc643568-8ae8-4e2a-bc9f-9c657eca4b06-b4c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\cdbbee92-5c8e-4b99-bc50-8b25e5ae2963-224-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\cf205045-0657-4e4a-b06a-291701949550-780-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\cf431b6a-a664-4212-969c-43d736b8868d-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d06b77f0-1b82-4604-9b90-31c02b5390f1-224-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d0ba4925-a6d6-490d-af3d-a6e46ef13766-654-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d1bb7d23-204d-4702-87ca-ff1174752956-56c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d232277a-9fc5-42f2-9fd1-bedf72c3e4b5-58c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d30a1165-de01-4fa5-a752-ec3f9691ca0d-378-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d458e69f-384e-478a-b6d6-bf9740e58994-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d51fbce5-1b54-4bf6-b2f8-274887d1116a-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d58d5228-62f1-4c63-8b2e-25120472098f-9ec-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d5ad784c-a3d8-4bf8-8352-c343bd12b802-5b0-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\d96615f1-d33d-4021-b487-993710d92b23-4e8-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\da82c0d5-d604-4d5b-b362-60b577dcdfb7-584-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\db4f7d84-3098-4ae4-b458-a1d4844969f0-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\dd20a6d6-f3c5-4397-9c3b-469f1465d506-5ac-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\e02b08e3-e946-4758-a407-7dee0d8bf1ce-280-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\e0efcc46-1699-466c-8376-abd17ecbd611-4fc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\e1f31808-cdb1-4a92-bd76-53920219ce33-1fc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\e54d6e2c-0007-4960-85da-baf03c3d7b2b-7f0-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\eaed9d12-0f35-4f43-a1d6-fd21de6119da-304-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\ecd89d25-b580-4b04-8be3-483f93df5456-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\f08a9072-9c9e-4b98-a9bf-8d221cf05ec6-94c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\f0abd673-b459-41d1-9405-f1202defdcab-248-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\f3a6e416-eaa0-4b42-b499-eae84d70c57a-1e8-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\f7187d62-2575-48db-926c-54e7f854c846-580-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\fa134c47-d268-42a4-90f2-c9f8c116f7e8-578-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\fade991f-9782-4d4a-95cd-cd00ffac5a20-6cc-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\fbd67051-163f-4ac4-b826-2b9e2e789b5c-a3c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\fce0e8e6-1d92-474d-8aa4-d4f6ebaf6a55-124-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\fe162acc-7a22-47ed-a99c-bf1021543320-944-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\ff74561d-efb4-4542-90e8-0c4a0040441b-57c-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\ff770899-878a-4e0a-a983-01d2f190ac9e-550-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\fff3d910-2083-46de-afad-91bc27d0040f-584-oopp.tmp
    c:\documents and settings\All Users\Application Data\avg9\Temp\file9514.tmp
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avg9us.lng
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfree_us.mht
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    c:\documents and settings\All Users\Application Data\avg9\update\backup\cf.dat
    c:\documents and settings\All Users\Application Data\avg9\update\backup\cty.cty
    c:\documents and settings\All Users\Application Data\avg9\update\backup\incavi.avm
    c:\documents and settings\All Users\Application Data\avg9\update\backup\install.rdf
    c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat
    c:\documents and settings\All Users\Application Data\avg9\update\backup\sb2.dat
    c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat
    c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat.xcd
    c:\documents and settings\All Users\Application Data\avg9\update\backup\searchshield.jar
    c:\documents and settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!
     
  19. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .

    2010-09-09 18:55 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-09 18:55 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-09 18:55 . 2010-09-07 14:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-09-09 18:55 . 2010-09-07 14:54 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-09-09 18:54 . 2010-09-07 14:53 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-09-09 18:54 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-09 18:54 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-09 18:54 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-09 18:54 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-09 18:54 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-09 18:54 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-09 18:54 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-09 18:54 . 2010-09-07 14:24 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2010-09-09 18:54 . 2010-09-09 18:54 -------- d-----w- c:\program files\Alwil Software
    2010-09-09 18:54 . 2010-09-09 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-09-09 18:48 . 2010-09-11 20:13 -------- d-----w- c:\program files\Registry Mechanic2
    2010-09-04 13:57 . 2010-09-04 13:57 46852 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-09-04 13:09 . 2010-09-11 16:15 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Spotify
    2010-09-04 13:09 . 2010-09-11 15:29 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Spotify
    2010-09-04 13:09 . 2010-09-04 13:09 655360 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
    2010-09-04 13:09 . 2010-09-04 13:09 282624 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
    2010-09-04 13:09 . 2010-09-04 13:09 208896 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
    2010-09-04 13:09 . 2010-09-04 13:09 -------- d-----w- c:\program files\Spotify
    2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Malwarebytes
    2010-09-04 12:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-04 12:56 . 2010-09-04 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-04 12:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-03 08:54 . 2010-09-03 08:54 -------- d-----w- c:\program files\Trend Micro
    2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\windows\system32\wbem\snmp
    2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\windows\system32\xircom
    2010-08-31 21:26 . 2010-08-31 21:26 -------- d-----w- c:\program files\microsoft frontpage
    2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Boss Media
    2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Boss Media
    2010-08-22 14:32 . 2010-08-22 14:32 -------- d-----w- C:\Casino
    2010-08-22 12:01 . 2010-08-26 16:47 -------- d-----w- c:\program files\PokerStars
    2010-08-21 13:21 . 2010-07-16 09:38 711168 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307a-1007160-0-main.dll
    2010-08-21 13:21 . 2010-08-21 13:21 348160 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    2010-08-19 15:20 . 1997-01-18 08:40 299520 ----a-w- c:\windows\uninst.exe
    2010-08-19 15:19 . 2010-08-19 15:19 -------- d-----w- c:\documents and settings\Mathias Svensson\WINDOWS
    2010-08-18 19:09 . 2010-08-18 19:09 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Fallout3
    2010-08-18 18:55 . 2010-08-18 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
    2010-08-18 18:55 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
    2010-08-16 19:51 . 2010-08-16 19:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Temp
    2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-08-16 19:46 . 2010-08-16 19:47 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\Google
    2010-08-16 19:46 . 2010-08-16 19:46 -------- d-----w- c:\program files\Google
    2010-08-13 17:29 . 2010-08-13 17:29 -------- d-----w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\2K Games
    2010-08-13 17:28 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-08-13 17:28 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-08-13 17:28 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-08-13 17:28 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-08-13 17:28 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-08-13 17:28 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-08-13 17:28 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-08-13 17:28 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-11 20:32 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\uTorrent
    2010-09-11 20:13 . 2010-06-10 18:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-11 14:18 . 2010-05-27 08:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-09 16:23 . 2010-06-10 15:07 63488 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-09 16:23 . 2010-06-10 15:07 117760 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-04 12:52 . 2010-05-30 21:46 -------- d-----w- c:\program files\Family Toolbar
    2010-09-03 17:45 . 2010-05-21 19:58 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\vlc
    2010-09-03 17:14 . 2010-05-24 16:51 1 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-08-19 14:06 . 2010-06-30 10:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-19 13:10 . 2010-05-01 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-08-18 18:55 . 2010-04-06 20:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-17 14:03 . 2010-04-06 20:57 0 ----a-w- c:\documents and settings\Mathias Svensson\Local Settings\Application Data\prvlcl.dat
    2010-08-06 12:36 . 2010-08-06 12:36 503808 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\msvcp71.dll
    2010-08-06 12:36 . 2010-08-06 12:36 499712 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\jmc.dll
    2010-08-06 12:36 . 2010-08-06 12:36 348160 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-300e1fc9-n\msvcr71.dll
    2010-08-06 12:35 . 2010-08-06 12:35 61440 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31fe826a-n\decora-sse.dll
    2010-08-06 12:35 . 2010-08-06 12:35 12800 ----a-w- c:\documents and settings\Mathias Svensson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31fe826a-n\decora-d3d.dll
    2010-08-06 12:14 . 2010-08-06 12:13 -------- d-----w- c:\program files\Telia mobile broadband
    2010-07-26 15:08 . 2010-07-26 15:08 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\Personal
    2010-07-26 15:08 . 2010-07-26 15:08 -------- d-----w- c:\program files\Personal
    2010-07-23 21:21 . 2010-07-23 20:52 -------- d-----w- c:\documents and settings\Mathias Svensson\Application Data\.minecraft
    2010-07-23 21:06 . 2010-07-23 21:06 -------- d-----w- c:\program files\Fiddler2
    .

    ------- Sigcheck -------

    [-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2008-04-14 . 0F998AF1008EF258141CBEAEB4F4FF35 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

    [-] 2008-04-14 . F5A2A55404DC7EE5B6D229374D28E515 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-08-31_21.27.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2010-09-11 08:37 . 2010-09-11 08:37 16384 c:\windows\Temp\Perflib_Perfdata_500.dat
    + 2010-09-09 18:48 . 1996-01-12 15:00 24576 c:\windows\system32\STKIT432.DLL
    + 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2010-09-09 18:54 . 2010-09-09 18:54 219648 c:\windows\Installer\1c506c4.msi
    + 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "nltide_3"="advpack.dll" [2008-06-19 124928]

    c:\documents and settings\Mathias Svensson\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Personal.lnk - c:\program files\Personal\bin\Personal.exe [2010-7-26 939536]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Beat Hazard\\BeatHazard.exe"=
    "h:\\Spel\\Dragon Age\\bin_ship\\daorigins.exe"=
    "h:\\Spel\\Dragon Age\\DAOriginsLauncher.exe"=
    "h:\\Spel\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "g:\\WoW\\wow1\\Launcher.exe"=
    "h:\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "h:\\Steam\\steamapps\\msvensson87\\team fortress 2\\hl2.exe"=
    "h:\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "g:\\spel\\StarCraft II\\StarCraft II.exe"=
    "g:\\spel\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "c:\\Documents and Settings\\Mathias Svensson\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "h:\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "h:\\Steam\\steamapps\\mustard87\\garrysmod\\hl2.exe"=
    "h:\\Steam\\steamapps\\mustard87\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "h:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [9/9/2010 8:54 PM 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [9/9/2010 8:54 PM 190416]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [9/9/2010 8:55 PM 99792]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/9/2010 8:55 PM 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/9/2010 8:55 PM 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 8:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 8:41 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2010 8:55 PM 17744]
    S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [9/9/2010 8:54 PM 119200]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2010 9:46 PM 136176]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\spel\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 10:07 PM 25832]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [8/6/2010 2:13 PM 100736]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/15/2010 10:33 AM 691696]
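
A small triage script for the ComboFix output above, added here as an example (it is not part of ComboFix, avast or the original post): it parses the Sigcheck lines and the firewall-policy key from a copy of the posted output, embedded as constructed sample data, and flags core binaries whose signature check failed together with any firewall profile where EnableFirewall is 0. The CORE_BINARIES watch list is an assumption chosen for illustration, not a list ComboFix uses.

```python
"""Added triage helper for a ComboFix-style log (example code, not part of
ComboFix or of the thread): flags core Windows binaries whose signature
check failed ('[-]' in the Sigcheck block) and any firewall profile with
EnableFirewall set to 0."""
import re

# Constructed sample: the Sigcheck and firewall-policy lines copied from the
# posted log, embedded here so the script runs offline.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 0F998AF1008EF258141CBEAEB4F4FF35 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

[-] 2008-04-14 . F5A2A55404DC7EE5B6D229374D28E515 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"""

# Assumed watch list of core binaries that file infectors commonly patch;
# it is not taken from ComboFix and should be tuned to the host in question.
CORE_BINARIES = frozenset({
    "explorer.exe", "winlogon.exe", "userinit.exe", "services.exe",
    "lsass.exe", "svchost.exe", "ntoskrnl.exe", "tcpip.sys",
})

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')


def parse_sigcheck(text):
    """Return one dict per Sigcheck line (flag, date, md5, size, version, path)."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["path"] = entry["path"].lower()
            entries.append(entry)
    return entries


def firewall_state(text):
    """Map each firewall profile key seen to its EnableFirewall value."""
    state, profile = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            parts = line[1:-1].lower().split("\\")
            # Only the profile key itself carries EnableFirewall, not its sub-keys.
            profile = parts[-1] if "firewallpolicy" in parts and parts[-1].endswith("profile") else None
            continue
        m = FIREWALL_RE.match(line)
        if m and profile:
            state[profile] = int(m.group(1))
    return state


def triage(text, watch_list=CORE_BINARIES):
    """Return human-readable findings worth a closer look."""
    findings = []
    for e in parse_sigcheck(text):
        name = e["path"].rsplit("\\", 1)[-1]
        if e["flag"] == "-" and name in watch_list:
            findings.append(
                f"signature check failed on core binary {e['path']} "
                f"(md5={e['md5']} size={e['size']} version={e['version']})"
            )
    for profile, enabled in firewall_state(text).items():
        if enabled == 0:
            findings.append(f"Windows Firewall disabled for {profile}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Each finding carries the MD5 and size from the log so the file can be compared with a clean copy of the same build (install media or a known-good machine with the same service pack); a `[-]` flag on its own only says the signature check failed, not why. The disabled standard-profile firewall is reported separately because it matters whether or not the infection is confirmed.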
     
  20. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    2008-06-19 20:42 124928 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:46]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    FF - ProfilePath - c:\documents and settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-299502267-1972579041-682003330-1004\Software\SecuROM\License information*]
    "datasecu"=hex:d0,e1,b6,f9,b1,88,f2,93,07,c8,5f,3b,64,5e,a7,d0,72,9c,2e,d9,fa,
    07,65,ce,16,99,6b,38,23,b6,0e,2d,2e,4d,c7,2b,c0,62,d6,d4,73,4d,09,ff,d3,b4,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @DACL=(02 0000)
    @="Wireless"
    "ProcessGroupPolicy"="ProcessWIRELESSPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @DACL=(02 0000)
    @="Folder Redirection"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "DllName"=expand:"fdeploy.dll"
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @DACL=(02 0000)
    @="Microsoft Disk Quota"
    "NoMachinePolicy"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "RequiresSuccessfulRegistry"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000000
    "DllName"=expand:"dskquota.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicy"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @DACL=(02 0000)
    @="QoS Packet Scheduler"
    "ProcessGroupPolicy"="ProcessPSCHEDPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @DACL=(02 0000)
    @="Scripts"
    "ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"
    "NoSlowLink"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "NotifyLinkTransition"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @DACL=(02 0000)
    @="Internet Explorer Zonemapping"
    "DllName"=expand:"iedkcs32.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
    "NoGPOListChanges"=dword:00000001
    "RequiresSucessfulRegistry"=dword:00000001
    "DisplayName"=expand:"@iedkcs32.dll,-3051"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000001
    "MaxNoGPOListChangesInterval"=dword:000003c0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    @DACL=(02 0000)
    @="Internet Explorer Branding"
    "DisplayName"=expand:"@iedkcs32.dll,-3014"
    "DllName"="iedkcs32.dll"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "RequiresSuccessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    @DACL=(02 0000)
    @="802.3 Group Policy"
    "DisplayName"=expand:"@dot3gpclnt.dll,-100"
    "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
    "GenerateGroupPolicy"="GenerateLANPolicy"
    "DllName"=expand:"dot3gpclnt.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
    @DACL=(02 0000)
    @="Microsoft Offline Files"
    "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000000
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @DACL=(02 0000)
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "RequiresSucessfulRegistry"=dword:00000000
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @DACL=(02 0000)
    @="IP Security"
    "ProcessGroupPolicy"="ProcessIPSECPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    @DACL=(02 0000)
    "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
    "Logon"="SABWINLOLogon"
    "Logoff"="SABWINLOLogoff"
    "Startup"="SABWINLOStartup"
    "Shutdown"="SABWINLOShutdown"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    @DACL=(02 0000)
    "DLLName"="avgrsstx.dll"
    "Startup"="AvgStartup"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    @DACL=(02 0000)
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000001
    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
    "Startup"="WlDimsStartup"
    "Shutdown"="WlDimsShutdown"
    "Logon"="WlDimsLogon"
    "Logoff"="WlDimsLogoff"
    "StartShell"="WlDimsStartShell"
    "Lock"="WlDimsLock"
    "Unlock"="WlDimsUnlock"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    @DACL=(02 0000)
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=expand:"sclgntfy.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    @DACL=(02 0000)
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
    @DACL=(02 0000)
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000
    "ASPNET"=dword:00000000
    .
    Completion time: 2010-09-11 23:01:10
    ComboFix-quarantined-files.txt 2010-09-11 21:01
    ComboFix2.txt 2010-09-01 17:21
    ComboFix3.txt 2010-09-01 17:04
    ComboFix4.txt 2010-08-31 21:29

    Pre-Run: 487*776*256 bytes free
    Post-Run: 471*244*800 bytes free

    - - End Of File - - A7EE456650C0E11C70D61E52F916CBAB
     
  21. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    I don't know how Ask ended up on my computer; I couldn't find an uninstall option, so I removed the folder. I also uninstalled RegMech.

    Thanks for taking the time to help! :)
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Do you have a Windows XP CD?


    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    winlogon.exe
    explorer.exe
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
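    The custom scan above ends with an /md5start block for winlogon.exe and explorer.exe, the two files avast flagged, so their hashes can be checked against clean copies. As an added example (not OTL's code and not part of this thread), the parser below reads OTL's PRC/MOD/SRV/DRV lines and flags files under %SystemRoot% that OTL lists with an empty company field, which is the pattern a helper then follows up with an MD5 request; the sample lines are constructed in OTL's format and the system root C:\WINDOWS is assumed.

    ```python
    """Flag %SystemRoot% binaries that an OTL log lists with no company name.

    Added example: the regex and the heuristic are not OTL's own code. The
    sample lines below are constructed in OTL's PRC/MOD/SRV/DRV format.
    """
    import re
    from dataclasses import dataclass
    from typing import Iterable, List, Optional

    # One OTL file entry, e.g.
    #   PRC - [2008-04-14 14:00:00 | 001,033,728 | ---- | M] () -- C:\WINDOWS\explorer.exe
    #   SRV - [...] (AVAST Software) [Auto | Running] -- C:\...\AvastSvc.exe -- (avast! Antivirus)
    # The company field is matched lazily so nested parentheses such as
    # "(Windows (R) 2000 DDK provider)" are handled by backtracking.
    OTL_LINE = re.compile(
        r"^(?P<kind>PRC|MOD|SRV|DRV) - "
        r"\[(?P<mtime>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|\]]+?) \| (?P<flag>\w)\] "
        r"\((?P<company>.*?)\)"
        r"(?: \[(?P<state>[^\]]*)\])?"
        r" -- (?P<path>.+?)"
        r"(?: -- \((?P<name>[^)]*)\).*)?$"
    )

    SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: taken from the log's "%SystemRoot% = C:\WINDOWS" line


    @dataclass
    class OtlEntry:
        kind: str
        mtime: str
        size: int
        company: str
        path: str
        name: Optional[str]


    def parse_otl_line(line: str) -> Optional[OtlEntry]:
        """Parse one OTL entry; returns None for lines without file metadata
        (e.g. 'DRV - File not found ...' or section headers)."""
        m = OTL_LINE.match(line.strip())
        if not m:
            return None
        return OtlEntry(
            kind=m["kind"],
            mtime=m["mtime"].strip(),
            size=int(m["size"].replace(",", "")),
            company=m["company"].strip(),
            path=m["path"].strip(),
            name=m["name"],
        )


    def under_system_root(path: str, system_root: str = SYSTEM_ROOT) -> bool:
        return path.lower().startswith(system_root.lower().rstrip("\\") + "\\")


    def suspicious_entries(lines: Iterable[str], system_root: str = SYSTEM_ROOT) -> List[OtlEntry]:
        """Entries inside %SystemRoot% whose company field is empty.

        OTL prints the file's company name in parentheses; core OS binaries
        normally show '(Microsoft Corporation)'. An empty '()' on a file such as
        explorer.exe or winlogon.exe is the cue to hash the file and compare it
        with a known-clean copy, which is what the /md5start block requests.
        Third-party files with '()' outside %SystemRoot% are not flagged here.
        """
        flagged = []
        for line in lines:
            entry = parse_otl_line(line)
            if entry is not None and not entry.company and under_system_root(entry.path, system_root):
                flagged.append(entry)
        return flagged


    # Constructed sample lines mirroring OTL's output format.
    SAMPLE_LOG = [
        r"PRC - [2010-09-12 22:37:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe",
        r"PRC - [2008-04-14 14:00:00 | 001,033,728 | ---- | M] () -- C:\WINDOWS\explorer.exe",
        r"PRC - [2008-04-14 14:00:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe",
        r"PRC - [2006-09-07 17:19:28 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe",
        r"MOD - [2008-04-14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx",
        r"SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)",
        r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MATHIA~1\LOCALS~1\Temp\catchme.sys -- (catchme)",
        r"DRV - [2010-04-06 23:12:41 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)",
        r"DRV - [2008-04-14 05:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)",
    ]


    if __name__ == "__main__":
        for e in suspicious_entries(SAMPLE_LOG):
            print(f"{e.kind} {e.path} size={e.size} mtime={e.mtime} company=''  -> hash and compare with a clean copy")
    ```
    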
     
  23. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    Yeah, I have my Windows XP CD here somewhere if it should be needed :)
     
  24. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    OTL logfile created on: 2010-09-12 22:38:30 - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Mathias Svensson\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19,53 Gb Total Space | 0,27 Gb Free Space | 1,39% Space Free | Partition Type: NTFS
    Drive D: | 54,99 Gb Total Space | 0,73 Gb Free Space | 1,33% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 232,88 Gb Total Space | 1,83 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
    Drive G: | 298,09 Gb Total Space | 14,49 Gb Free Space | 4,86% Space Free | Partition Type: NTFS
    Drive H: | 465,76 Gb Total Space | 1,62 Gb Free Space | 0,35% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded

    Computer Name: MUSTARD
    Current User Name: Mathias Svensson
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-09-12 22:37:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\My Documents\Downloads\OTL.exe
    PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010-09-07 17:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
    PRC - [2010-07-26 17:08:07 | 000,939,536 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
    PRC - [2010-02-02 00:59:08 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010-02-02 00:59:06 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2010-01-14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
    PRC - [2009-09-30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2008-04-14 14:00:00 | 001,033,728 | ---- | M] () -- C:\WINDOWS\explorer.exe
    PRC - [2008-04-14 14:00:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
    PRC - [2006-09-07 17:19:28 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-09-12 22:37:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\My Documents\Downloads\OTL.exe
    MOD - [2008-04-14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2006-09-07 17:18:58 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010-09-07 17:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
    SRV - [2009-12-15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- H:\Spel\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MATHIA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010-09-07 16:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2010-09-07 16:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2010-09-07 16:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010-09-07 16:24:46 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2010-05-10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010-04-15 10:33:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010-04-06 23:12:41 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010-03-16 08:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010-02-17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009-12-07 19:53:12 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009-10-12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
    DRV - [2008-04-14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008-04-14 05:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007-08-28 10:55:10 | 004,609,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007-06-29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2007-05-31 09:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006-06-18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.5
    FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.43

    FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2010-07-23 23:06:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-09 18:32:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-09 18:32:16 | 000,000,000 | ---D | M]

    [2010-09-09 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Mozilla\Extensions
    [2010-09-12 20:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\extensions
    [2010-09-09 18:33:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010-09-10 21:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Mozilla\Firefox\Profiles\yaka3xjr.default\extensions\sv@dictionaries.addons.mozilla.org
    [2010-09-12 20:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010-09-11 23:00:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal.lnk = C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
    O4 - Startup: C:\Documents and Settings\Mathias Svensson\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - Reg Error: Value error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-04-06 22:19:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-09-12 15:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Synthesia
    [2010-09-12 15:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Desktop\Synthesia-0.7.4
    [2010-09-11 22:34:16 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010-09-11 12:48:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mathias Svensson\Recent
    [2010-09-10 13:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010-09-10 13:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Desktop\New Folder (2)
    [2010-09-10 12:58:25 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\Desktop\TFC.exe
    [2010-09-09 20:55:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010-09-09 20:55:10 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010-09-09 20:55:09 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010-09-09 20:55:08 | 000,099,792 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010-09-09 20:54:57 | 000,190,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010-09-09 20:54:56 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010-09-09 20:54:55 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010-09-09 20:54:54 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010-09-09 20:54:54 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010-09-09 20:54:53 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010-09-09 20:54:41 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010-09-09 20:54:41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010-09-09 20:54:41 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2010-09-09 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
     
  25. Mustard87

    Mustard87 TS Rookie Topic Starter Posts: 25

    [2010-09-09 20:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010-09-09 20:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic2
    [2010-09-04 15:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Spotify
    [2010-09-04 15:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Spotify
    [2010-09-04 15:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
    [2010-09-04 14:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Malwarebytes
    [2010-09-04 14:56:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-09-04 14:56:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-09-04 14:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-09-04 14:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010-09-03 10:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010-09-01 19:16:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010-08-31 23:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010-08-31 23:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010-08-31 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
    [2010-08-31 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
    [2010-08-31 23:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010-08-31 23:12:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010-08-31 23:12:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010-08-31 23:12:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010-08-31 23:12:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010-08-31 23:12:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010-08-31 23:11:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010-08-22 16:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Boss Media
    [2010-08-22 16:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Boss Media
    [2010-08-22 16:32:50 | 000,000,000 | ---D | C] -- C:\Casino
    [2010-08-22 14:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
    [2010-08-19 17:20:08 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
    [2010-08-19 17:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\WINDOWS
    [2010-08-19 14:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\My Documents\StarCraft II
    [2010-08-18 21:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Fallout3
    [2010-08-18 20:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
    [2010-08-16 21:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010-08-16 21:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Google
    [2010-08-16 21:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Temp
    [2010-08-16 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010-08-16 21:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010-08-16 21:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\Google
    [2010-08-13 19:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\2K Games
    [2010-08-06 14:13:42 | 000,114,432 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
    [2010-08-06 14:13:42 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
    [2010-08-06 14:13:42 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbdev.sys
    [2010-08-06 14:13:42 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
    [2010-08-06 14:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Telia mobile broadband
    [2010-07-26 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\Personal
    [2010-07-26 17:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Personal
    [2010-07-24 20:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Desktop\comics
    [2010-07-24 20:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Desktop\pspcomic 0.9.9 beta2
    [2010-07-23 23:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\My Documents\Fiddler2
    [2010-07-23 23:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
    [2010-07-23 22:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\Application Data\.minecraft
    [2010-07-23 22:50:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010-07-12 21:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
    [2010-07-12 21:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mathias Svensson\dwhelper
    [2010-07-01 11:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ben There Dan That
    [2010-06-30 12:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
    [2010-06-30 12:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\Mathias Svensson\*.tmp files -> C:\Documents and Settings\Mathias Svensson\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010-09-12 21:51:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010-09-12 21:51:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010-09-12 14:35:14 | 000,215,552 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-09-12 14:16:23 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Mathias Svensson\NTUSER.DAT
    [2010-09-12 12:32:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-09-12 12:32:17 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010-09-12 12:31:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-09-12 10:08:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mathias Svensson\ntuser.ini
    [2010-09-11 23:51:45 | 004,318,268 | -H-- | M] () -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\IconCache.db
    [2010-09-11 23:43:27 | 000,480,213 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\AENfD.jpg
    [2010-09-11 23:00:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-09-11 23:00:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-09-11 22:33:30 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\ComboFix.exe
    [2010-09-11 22:14:43 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\SystemLook.exe
    [2010-09-11 16:18:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-09-11 13:39:28 | 001,380,015 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\My Documents\Virtual_Piano_Musicsheet_Aug_Sep.pdf
    [2010-09-10 12:58:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\Desktop\TFC.exe
    [2010-09-09 20:55:10 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010-09-09 20:54:54 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010-09-09 18:32:17 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010-09-09 18:32:17 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010-09-09 18:30:44 | 000,163,226 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\bookmarks-2010-09-09.json
    [2010-09-07 20:47:27 | 000,054,154 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\2ep7jty.jpg
    [2010-09-07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010-09-07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010-09-07 16:54:16 | 000,099,792 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010-09-07 16:53:58 | 000,340,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010-09-07 16:53:35 | 000,190,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010-09-07 16:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010-09-07 16:24:46 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2010-09-06 13:02:16 | 003,345,031 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\IMG_1777.JPG
    [2010-09-05 14:28:49 | 000,161,432 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\bookmarks-2010-09-05.json
    [2010-09-04 15:09:38 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Spotify.lnk
    [2010-09-04 14:56:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
     
Topic Status:
Not open for further replies.
