
BlazinGhost

Having problems with a trojan/virus Remind_xp.exe

Will appreciate some help from an expert, thanks.

Malwarebytes:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5199

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/27/2010 3:06:02 PM
mbam-log-2010-11-27 (15-06-02).txt

Scan type: Quick scan
Objects scanned: 150847
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-27 15:11:12
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3250824A rev.3.AAE
Running: s4glttdc.exe; Driver: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\kwayiaog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEB41EBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEB41E9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEB41EB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 868BF3B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 868BF3B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 868BF3B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 868BF3B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 868BF3B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 868BF3B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-16 868BF3B2
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250824A______________________________3.AAE___#5&6da396e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


DDS:



DDS (Ver_10-11-27.01) - NTFSx86
Run by Owner at 15:17:44.79 on Sat 11/27/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.548 [GMT -8:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\129082~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\129082~1\EE\AOLServiceHost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Anti-Phishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [CHotkey] zHotkey.exe
mRun: [HostManager] c:\program files\common files\aol\1290829611\ee\AOLHostManager.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\i1ag7lk2.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2010-11-26 221184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-26 165584]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2010-11-26 80640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-26 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 40384]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2010-11-26 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2010-11-26 122368]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2010-11-26 114464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-26 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 40384]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2010-11-26 245760]

=============== Created Last 30 ================

2010-11-27 20:30:16 -------- d-----w- c:\docume~1\owner~1.you\applic~1\McAfee.com Personal Firewall
2010-11-27 19:29:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 19:29:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-27 18:54:01 -------- d-----w- c:\docume~1\owner~1.you\applic~1\Malwarebytes
2010-11-27 18:53:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 18:53:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-27 18:42:24 -------- d-----w- c:\program files\CCleaner
2010-11-27 05:35:17 -------- d-----w- c:\program files\AIM
2010-11-27 05:35:15 -------- d-----w- c:\program files\HLDJ
2010-11-27 05:35:11 -------- d-----w- c:\program files\GoldWave
2010-11-27 05:35:09 -------- d-----w- c:\program files\Illustrate
2010-11-27 05:31:47 -------- d-----w- c:\windows\system32\LogFiles
2010-11-27 05:21:57 -------- d-----w- c:\windows\system32\AGEIA
2010-11-27 05:20:57 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-11-27 05:20:27 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-11-27 05:20:27 -------- d-----w- c:\windows\nview
2010-11-27 05:18:35 -------- d-----w- C:\NVIDIA
2010-11-27 04:53:14 -------- d-----w- c:\docume~1\owner~1.you\locals~1\applic~1\Mozilla
2010-11-27 04:34:25 -------- d-----w- c:\program files\Steam
2010-11-27 04:27:18 -------- d-----w- c:\docume~1\owner~1.you\locals~1\applic~1\Temp
2010-11-27 04:27:13 -------- d-----w- c:\docume~1\owner~1.you\locals~1\applic~1\Google
2010-11-27 04:26:56 38848 ----a-w- c:\windows\avastSS.scr
2010-11-27 04:26:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-27 04:26:03 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2010-11-27 04:26:02 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2010-11-27 04:26:02 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2010-11-27 04:26:01 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2010-11-27 04:17:17 49152 ----a-r- c:\docume~1\owner~1.you\applic~1\microsoft\installer\{15377c3e-9655-400f-b441-e69f0a6beafe}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2010-11-27 04:00:40 -------- d-----w- c:\windows\system32\Lang
2010-11-27 03:55:58 332800 -c--a-w- c:\windows\system32\dllcache\srv.sys
2010-11-27 03:55:33 94720 -c--a-w- c:\windows\system32\dllcache\iphlpapi.dll
2010-11-27 03:55:33 148480 -c--a-w- c:\windows\system32\dllcache\dnsapi.dll
2010-11-27 03:55:33 111616 -c--a-w- c:\windows\system32\dllcache\dhcpcsvc.dll
2010-11-27 03:55:20 181248 -c--a-w- c:\windows\system32\dllcache\rasmans.dll
2010-11-27 03:54:01 -------- d-----w- c:\program files\McAfee
2010-11-27 03:53:56 9216 ----a-w- c:\windows\system32\MpfApi.dll
2010-11-27 03:53:56 80640 ----a-w- c:\windows\system32\drivers\MpFirewall.sys
2010-11-27 03:53:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com Personal Firewall
2010-11-27 03:53:37 114464 ----a-w- c:\windows\system32\drivers\naiavf5x.sys
2010-11-27 03:53:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com
2010-11-27 03:52:56 349760 ----a-w- c:\windows\system32\mcinsctl.dll
2010-11-27 03:52:56 288320 ----a-w- c:\windows\system32\mcgdmgr.dll
2010-11-27 03:52:56 -------- d-----w- c:\program files\McAfee.com
2010-11-27 03:51:24 23552 ----a-w- c:\windows\system32\jesterss.dll
2010-11-27 03:51:24 1239209 ----a-w- c:\windows\system32\gtw_logo.scr
2010-11-27 03:51:24 -------- d-----w- c:\program files\gtw_logo
2010-11-27 03:51:20 741376 ----a-w- c:\windows\system32\BigFixSuppress.exe
2010-11-27 03:51:20 741376 ----a-w- c:\windows\system32\BigFixShortcutInStartup.exe
2010-11-27 03:51:18 67072 ----a-w- c:\windows\POWERCFG.EXE
2010-11-27 03:51:18 -------- d-----w- c:\program files\AMD Live!
2010-11-27 03:49:59 171776 -c--a-w- c:\windows\system32\dllcache\kmixer.sys
2010-11-27 03:48:08 -------- d-----w- c:\program files\MSN Encarta Plus
2010-11-27 03:46:49 -------- d-----w- c:\program files\common files\aolshare
2010-11-27 03:45:26 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-11-27 03:45:21 89088 ----a-r- c:\windows\system32\atl71.dll
2010-11-27 03:45:21 57344 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-11-27 03:43:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\WildTangent
2010-11-27 03:43:36 -------- d-----w- c:\windows\wt
2010-11-27 03:43:35 -------- d-----w- c:\program files\WildTangent
2010-11-27 03:43:30 -------- d-----w- c:\program files\Gateway Games
2010-11-27 03:43:16 20480 ----a-w- c:\windows\system32\Marker32.exe
2010-11-27 03:43:06 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-11-27 03:42:38 94208 ----a-w- c:\windows\system32\bae.dll
2010-11-27 03:42:31 13352 ----a-w- c:\windows\BigFixClientOverride.dll
2010-11-27 03:42:31 -------- d-----w- c:\program files\BigFix
2010-11-27 03:41:37 -------- d-----w- c:\program files\Digital Media Reader
2010-11-27 03:41:30 -------- d-----w- c:\windows\Downloaded Installations
2010-11-27 03:40:32 25840 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2010-11-27 03:40:32 24816 ----a-w- c:\windows\system32\mdimon.dll
2010-11-27 03:40:07 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-11-27 03:39:51 -------- d-----w- c:\windows\SHELLNEW
2010-11-27 03:38:25 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-11-27 03:38:25 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-11-27 03:38:25 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2010-11-27 03:38:25 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-11-27 03:38:23 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-11-27 03:36:42 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-11-27 03:35:57 -------- d-----w- c:\program files\CONEXANT
2010-11-27 03:35:36 17024 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-11-27 03:24:44 -------- d-----w- c:\windows\creator
2010-11-27 03:22:58 102457 ----a-w- c:\windows\system32\usrv42a.dll
2010-11-27 03:21:56 35328 ----a-w- c:\windows\system32\pid.dll
2010-11-27 03:20:59 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2010-11-27 00:01:40 -------- d-----w- C:\My Backup -- 10-11-26 0501PM
2010-11-26 05:51:24 -------- d-----w- C:\My Backup -- 10-11-25 1051PM
2010-11-26 01:05:45 -------- d-----w- C:\My Backup -- 10-11-25 0605PM

==================== Find3M ====================

2010-11-27 03:47:30 24576 ----a-w- c:\windows\system32\prefscpl.cpl

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250824A rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x868C0566]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868c6624]; MOV EAX, [0x868c66a0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\Harddisk0\DR0[0x86930030]
3 CLASSPNP[0xF763005B] -> ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\000000a9[0x8691DF18]
5 ACPI[0xF7426620] -> ntkrnlpa!IofCallDriver[0x804EEF9C] -> [0x86930940]
\Driver\atapi[0x86953BA8] -> IRP_MJ_CREATE -> 0x868C0566
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250824A______________________________3.AAE___#5&6da396e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x868C03B2
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 15:18:19.43 ===============



DDS Attach Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2010 8:17:02 PM
System Uptime: 11/27/2010 3:15:15 PM (0 hours ago)

Motherboard: C51PVGM-GB | | C51PVGM-GB
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2009/201mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2009/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 210.925 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is FIXED (FAT32) - 5 GiB total, 2.108 GiB free.
I: is CDROM ()
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

==== System Restore Points ===================

RP1: 11/26/2010 8:17:06 PM - System Checkpoint

==== Installed Programs ======================

Adobe Reader 7.0
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
avast! Free Antivirus
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Browser Address Error Redirector
CCleaner
Counter-Strike: Source
Digital Media Reader
Diner Dash
DVD Solution
FATE
Gateway Game Console
Google Chrome
Google Update Helper
gtw_logo
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914906)
J2SE Runtime Environment 5.0 Update 2
Malwarebytes' Anti-Malware
McAfee Uninstall Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.12)
Multimedia Keyboard Driver
Napster
Napster Burn Engine
NVIDIA Drivers
NVIDIA PhysX
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
SCRABBLE
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Steam
Tradewinds
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB914548

==== Event Viewer Messages From Past Week ========

11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The McAfee WSC Integration service terminated unexpectedly. It has done this 1 time(s).
11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The McAfee Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
11/27/2010 2:49:56 PM, error: Service Control Manager [7034] - The McAfee SpamKiller Server service terminated unexpectedly. It has done this 1 time(s).
11/27/2010 2:49:56 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
11/27/2010 2:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor service to connect.
11/27/2010 2:46:54 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/27/2010 2:46:53 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2010 12:55:59 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/27/2010 12:28:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/27/2010 11:32:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips Processor
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:43 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2010 8:26:43 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2010 8:26:43 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 8:26:42 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/26/2010 8:26:42 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: The device is not ready.

==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

You're running two AV programs, Avast and McAfee.
One of them has to go.
If McAfee (preferably), use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

Then...

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
I uninstalled McAfee and I haven't gotten the Remind_XP.exe error yet

Here's the log for TDSSKiller:


2010/11/27 16:55:09.0781 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/27 16:55:09.0781 ================================================================================
2010/11/27 16:55:09.0781 SystemInfo:
2010/11/27 16:55:09.0781
2010/11/27 16:55:09.0781 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/27 16:55:09.0781 Product type: Workstation
2010/11/27 16:55:09.0781 ComputerName: YOUR-A5747C8268
2010/11/27 16:55:09.0781 UserName: Owner
2010/11/27 16:55:09.0781 Windows directory: C:\WINDOWS
2010/11/27 16:55:09.0781 System windows directory: C:\WINDOWS
2010/11/27 16:55:09.0781 Processor architecture: Intel x86
2010/11/27 16:55:09.0781 Number of processors: 2
2010/11/27 16:55:09.0781 Page size: 0x1000
2010/11/27 16:55:09.0781 Boot type: Normal boot
2010/11/27 16:55:09.0781 ================================================================================
2010/11/27 16:55:10.0203 Initialize success
2010/11/27 16:55:19.0015 ================================================================================
2010/11/27 16:55:19.0015 Scan started
2010/11/27 16:55:19.0015 Mode: Manual;
2010/11/27 16:55:19.0015 ================================================================================
2010/11/27 16:55:19.0531 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/27 16:55:19.0640 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/27 16:55:19.0656 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/27 16:55:19.0671 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/27 16:55:19.0687 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/27 16:55:19.0750 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/11/27 16:55:19.0781 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/11/27 16:55:19.0796 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/27 16:55:19.0812 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/27 16:55:19.0875 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/27 16:55:19.0890 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/27 16:55:19.0906 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/27 16:55:19.0968 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/27 16:55:19.0984 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/27 16:55:20.0015 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/27 16:55:20.0031 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/27 16:55:20.0093 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/27 16:55:20.0109 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/27 16:55:20.0125 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/27 16:55:20.0156 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/27 16:55:20.0218 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/27 16:55:20.0234 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/27 16:55:20.0265 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/27 16:55:20.0312 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/27 16:55:20.0328 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/27 16:55:20.0390 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/27 16:55:20.0421 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/27 16:55:20.0500 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/27 16:55:20.0531 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/27 16:55:20.0578 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/27 16:55:20.0609 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/27 16:55:20.0625 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/27 16:55:20.0640 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/27 16:55:20.0687 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/27 16:55:20.0703 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/27 16:55:20.0750 Cdr4_xp (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/11/27 16:55:20.0765 Cdralw2k (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/11/27 16:55:20.0796 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/27 16:55:20.0859 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/27 16:55:20.0875 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/27 16:55:20.0890 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/27 16:55:20.0921 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/27 16:55:20.0953 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/27 16:55:20.0968 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/27 16:55:20.0984 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/27 16:55:21.0062 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/27 16:55:21.0093 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/27 16:55:21.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/27 16:55:21.0187 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/27 16:55:21.0218 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/27 16:55:21.0234 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/27 16:55:21.0281 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/27 16:55:21.0312 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/27 16:55:21.0328 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/27 16:55:21.0359 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/27 16:55:21.0421 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/27 16:55:21.0437 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/27 16:55:21.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/27 16:55:21.0515 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/27 16:55:21.0578 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/27 16:55:21.0609 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/27 16:55:21.0640 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/27 16:55:21.0703 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/11/27 16:55:21.0796 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/11/27 16:55:21.0890 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/27 16:55:21.0953 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/27 16:55:21.0968 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/27 16:55:22.0000 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/27 16:55:22.0062 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
2010/11/27 16:55:22.0140 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/27 16:55:22.0171 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/27 16:55:22.0390 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/27 16:55:22.0468 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/27 16:55:22.0484 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/27 16:55:22.0500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/27 16:55:22.0531 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/27 16:55:22.0562 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/27 16:55:22.0578 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/27 16:55:22.0593 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/27 16:55:22.0625 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/27 16:55:22.0656 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/27 16:55:22.0671 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/27 16:55:22.0734 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/27 16:55:22.0796 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/27 16:55:22.0890 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/27 16:55:22.0937 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/11/27 16:55:22.0968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/27 16:55:23.0000 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/27 16:55:23.0015 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/27 16:55:23.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/27 16:55:23.0062 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/27 16:55:23.0093 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/27 16:55:23.0125 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/27 16:55:23.0156 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/27 16:55:23.0203 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/27 16:55:23.0250 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/27 16:55:23.0281 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/27 16:55:23.0296 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/27 16:55:23.0343 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/27 16:55:23.0359 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/27 16:55:23.0390 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/27 16:55:23.0453 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/27 16:55:23.0468 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/27 16:55:23.0484 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/27 16:55:23.0500 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/27 16:55:23.0515 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/27 16:55:23.0546 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/27 16:55:23.0593 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/27 16:55:23.0609 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/27 16:55:23.0640 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/27 16:55:23.0687 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/27 16:55:23.0937 nv (9e143fb3ef13b7ec1c1dd06529debadd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/27 16:55:24.0281 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/11/27 16:55:24.0312 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/11/27 16:55:24.0359 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/27 16:55:24.0390 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/27 16:55:24.0421 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/27 16:55:24.0484 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/27 16:55:24.0500 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/27 16:55:24.0531 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/27 16:55:24.0546 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/27 16:55:24.0578 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/27 16:55:24.0593 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/27 16:55:24.0671 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/27 16:55:24.0703 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/27 16:55:24.0734 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/27 16:55:24.0765 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/27 16:55:24.0781 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/27 16:55:24.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/27 16:55:24.0828 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/27 16:55:24.0843 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/27 16:55:24.0859 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/27 16:55:24.0875 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/27 16:55:24.0890 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/27 16:55:24.0906 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/27 16:55:24.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/27 16:55:24.0968 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/27 16:55:24.0984 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/27 16:55:25.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/27 16:55:25.0031 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/27 16:55:25.0046 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/27 16:55:25.0078 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/27 16:55:25.0125 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/27 16:55:25.0156 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/27 16:55:25.0218 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/27 16:55:25.0234 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/27 16:55:25.0281 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/27 16:55:25.0296 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/27 16:55:25.0328 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/27 16:55:25.0375 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/27 16:55:25.0390 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/27 16:55:25.0453 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/27 16:55:25.0484 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/27 16:55:25.0531 Srv (e03b4ea274c9e509cca7f9f0cec24232) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/27 16:55:25.0578 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/27 16:55:25.0640 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/27 16:55:25.0671 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/27 16:55:25.0687 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/27 16:55:25.0703 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/27 16:55:25.0718 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/27 16:55:25.0781 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/27 16:55:25.0828 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/27 16:55:25.0875 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/27 16:55:25.0890 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/27 16:55:25.0937 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/27 16:55:25.0968 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/27 16:55:26.0015 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/27 16:55:26.0031 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/27 16:55:26.0062 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/27 16:55:26.0093 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/27 16:55:26.0125 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/27 16:55:26.0140 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/27 16:55:26.0203 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/27 16:55:26.0265 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/27 16:55:26.0312 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/27 16:55:26.0343 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/11/27 16:55:26.0359 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/27 16:55:26.0375 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/27 16:55:26.0406 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/27 16:55:26.0437 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/27 16:55:26.0500 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/11/27 16:55:26.0578 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/27 16:55:26.0656 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/27 16:55:26.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/27 16:55:26.0796 ================================================================================
2010/11/27 16:55:26.0796 Scan finished
2010/11/27 16:55:26.0796 ================================================================================
2010/11/27 16:55:26.0812 Detected object count: 1
2010/11/27 16:55:45.0171 \HardDisk0 - will be cured after reboot
2010/11/27 16:55:45.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/27 16:55:53.0437 Deinitialize success
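The TDSSKiller log above has a regular enough layout (timestamp, then either a driver name with its MD5 and path, or a status line) that it can be triaged without reading all 180 lines. The following is an added example, not code from TDSSKiller, Kaspersky or anyone in this thread: a small Python parser that pulls out the detections, the action the user chose, whether a cure is still pending a reboot, and the driver-name-to-hash table, and cross-checks the "Detected object count" line against what it actually found. The sample log embedded in it is constructed from a few lines in the same format as the log posted here, not a complete scan.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the TDSSKiller 2.4.x log format (a handful of lines, not a full scan).
SAMPLE_LOG = """\
2010/11/27 16:55:09.0781 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/27 16:55:19.0015 Scan started
2010/11/27 16:55:19.0015 Mode: Manual;
2010/11/27 16:55:19.0531 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\\WINDOWS\\system32\\drivers\\Aavmker4.sys
2010/11/27 16:55:20.0421 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/11/27 16:55:26.0781 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/27 16:55:26.0796 Scan finished
2010/11/27 16:55:26.0812 Detected object count: 1
2010/11/27 16:55:45.0171 \\HardDisk0 - will be cured after reboot
2010/11/27 16:55:45.0171 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff "; the rest decides the line type.
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(TS + r"(?P<obj>\S+) - detected (?P<threat>\S+) \((?P<n>\d+)\)$")
PENDING_RE = re.compile(TS + r"(?P<obj>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r"(?P<threat>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str                          # what was flagged, e.g. \HardDisk0 or a driver path
    threat: str                       # detection name, e.g. Rootkit.Win32.TDSS.tdl4
    action: Optional[str] = None      # user-selected action, if the log recorded one
    reboot_pending: bool = False      # "will be cured after reboot" seen for this object


@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)      # driver name -> (md5, path)
    detections: list = field(default_factory=list)
    reported_count: Optional[int] = None             # the tool's own "Detected object count"

    def unresolved(self):
        """Detections that still need attention: no action logged, or cure awaits a reboot."""
        return [d for d in self.detections if d.action is None or d.reboot_pending]

    def consistency_issues(self):
        """Sanity checks a helper would do by eye: does the tool's count match the detail lines?"""
        issues = []
        if self.reported_count is not None and self.reported_count != len(self.detections):
            issues.append(f"tool reported {self.reported_count} objects, parsed {len(self.detections)}")
        for d in self.detections:
            if d.action is None:
                issues.append(f"no action recorded for {d.threat} on {d.obj}")
        return issues


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log once, classifying each line by the regexes above."""
    summary = ScanSummary()
    by_obj = {}
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            summary.drivers[m["name"]] = (m["md5"], m["path"])
        elif m := DETECT_RE.match(line):
            det = Detection(obj=m["obj"], threat=m["threat"])
            summary.detections.append(det)
            by_obj[det.obj] = det
        elif m := PENDING_RE.match(line):
            if m["obj"] in by_obj:
                by_obj[m["obj"]].reboot_pending = True
        elif m := ACTION_RE.match(line):
            if m["obj"] in by_obj:
                by_obj[m["obj"]].action = m["action"]
        elif m := COUNT_RE.match(line):
            summary.reported_count = int(m["n"])
    return summary


if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    for d in s.detections:
        print(f"{d.threat} on {d.obj}: action={d.action}, reboot pending={d.reboot_pending}")
    print("drivers listed:", len(s.drivers))
    print("issues:", s.consistency_issues() or "none")
```

To use it on a real log, read the TDSSKiller_xxxx_log.txt file into a string and pass it to parse_tdsskiller_log. The drivers table is the part worth keeping after a cleanup: the MD5 column lets you compare the loaded drivers against a known-good copy of the same Windows build, which is how a tampered driver shows up even when no detection line does.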
 
Sorry about this, this is a test post. I didn't read correctly whether I had to wait for my post to be posted; after my scan it rebooted too fast for me to see.

Edit: Sorry, the next post will be a double post. I posted again and got to read it; it said "You will have to wait for a moderator to approve your post".
 
Good job :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I had difficulties with the first download but the second one worked fine.

Here are the Logs :

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 183):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xF7A4F000 \WINDOWS\system32\KDCOM.DLL
0xF795F000 \WINDOWS\system32\BOOTVID.dll
0xF7420000 ACPI.sys
0xF7A51000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF740F000 pci.sys
0xF754F000 isapnp.sys
0xF755F000 ohci1394.sys
0xF756F000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7963000 compbatt.sys
0xF7967000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B17000 pciide.sys
0xF77CF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A53000 aliide.sys
0xF7A55000 intelide.sys
0xF7A57000 toside.sys
0xF7A59000 viaide.sys
0xF7A5B000 cmdide.sys
0xF73F1000 pcmcia.sys
0xF757F000 MountMgr.sys
0xF73D2000 ftdisk.sys
0xF7A5D000 dmload.sys
0xF73AC000 dmio.sys
0xF796B000 ACPIEC.sys
0xF7B18000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF77D7000 PartMgr.sys
0xF758F000 VolSnap.sys
0xF796F000 cpqarray.sys
0xF7394000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF72BE000 IASTOR.SYS
0xF72A6000 atapi.sys
0xF7973000 aha154x.sys
0xF77DF000 sparrow.sys
0xF7977000 symc810.sys
0xF759F000 aic78xx.sys
0xF797B000 dac960nt.sys
0xF75AF000 ql10wnt.sys
0xF797F000 amsint.sys
0xF77E7000 asc.sys
0xF7983000 asc3550.sys
0xF77EF000 mraid35x.sys
0xF77F7000 i2omp.sys
0xF7987000 ini910u.sys
0xF75BF000 ql1240.sys
0xF75CF000 aic78u2.sys
0xF77FF000 symc8xx.sys
0xF7807000 sym_hi.sys
0xF780F000 sym_u3.sys
0xF7817000 ABP480N5.SYS
0xF781F000 asc3350p.sys
0xF7A5F000 cd20xrnt.sys
0xF75DF000 ultra.sys
0xF728D000 adpu160m.sys
0xF7827000 dpti2o.sys
0xF75EF000 ql1080.sys
0xF75FF000 ql1280.sys
0xF760F000 ql12160.sys
0xF782F000 perc2.sys
0xF7A61000 perc2hib.sys
0xF7837000 hpn.sys
0xF798B000 cbidf2k.sys
0xF7261000 dac2w2k.sys
0xF761F000 disk.sys
0xF762F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7242000 fltMgr.sys
0xF7230000 sr.sys
0xF783F000 PxHelp20.sys
0xF7219000 KSecDD.sys
0xF718C000 Ntfs.sys
0xF715F000 NDIS.sys
0xF763F000 sisagp.sys
0xF764F000 viaagp.sys
0xF7144000 Mup.sys
0xF765F000 alim1541.sys
0xF766F000 amdagp.sys
0xF767F000 agp440.sys
0xF768F000 agpCPQ.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\processr.sys
0xF6A31000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6A1D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF794F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF69FA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7957000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7134000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7124000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7114000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7104000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF69D7000 \SystemRoot\system32\DRIVERS\ks.sys
0xF784F000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF69A0000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF68A3000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF67F6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF788F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF70F4000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF67D1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7A2F000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF6787000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF6750000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF7897000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF70E4000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A33000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6715000 \SystemRoot\system32\DRIVERS\parport.sys
0xF70D4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF789F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7BF2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF70C4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A37000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF665E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF70B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF70A4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78A7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6625000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76BF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78B7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF78BF000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF6162000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76CF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A75000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF612E000 \SystemRoot\system32\DRIVERS\update.sys
0xF7078000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76FF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A79000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF3C07000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF3BE5000 \SystemRoot\system32\drivers\portcls.sys
0xF771F000 \SystemRoot\system32\drivers\drmk.sys
0xF772F000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF7A7D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF78D7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF78DF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7A7F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B68000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A81000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78EF000 \SystemRoot\System32\drivers\vga.sys
0xF7A83000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A85000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78F7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78FF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7034000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3AEA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3A92000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF775F000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF3A71000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF3A49000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF776F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF3A27000 \SystemRoot\System32\drivers\afd.sys
0xF777F000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF778F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF39FC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF398D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF779F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3966000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7917000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF391B000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF3903000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A89000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF663A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7927000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BD4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xF799F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xBA7AC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA609000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xBA20C000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA361000 \SystemRoot\system32\drivers\sysaudio.sys
0xF3613000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB9EE8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7AE1000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB9D67000 \SystemRoot\System32\Drivers\HTTP.sys
0xB9EB4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB9C4D000 \SystemRoot\system32\DRIVERS\srv.sys
0xF61A3000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB94C9000 \SystemRoot\system32\drivers\kmixer.sys
0xB95F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9A2B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA239000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7A77000 \SystemRoot\system32\drivers\splitter.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
620 C:\WINDOWS\system32\smss.exe
676 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
744 C:\WINDOWS\system32\services.exe
756 C:\WINDOWS\system32\lsass.exe
928 C:\WINDOWS\system32\svchost.exe
976 svchost.exe
1072 C:\WINDOWS\system32\svchost.exe
1196 svchost.exe
1236 svchost.exe
1420 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1572 C:\WINDOWS\explorer.exe
1924 C:\WINDOWS\ehome\ehtray.exe
1940 C:\Program Files\Digital Media Reader\readericon45G.exe
1948 C:\WINDOWS\zHotkey.exe
2000 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
2008 C:\WINDOWS\system32\spoolsv.exe
2016 C:\WINDOWS\RTHDCPL.exe
196 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
204 C:\Program Files\QuickTime\qttask.exe
244 C:\WINDOWS\system32\rundll32.exe
292 C:\Program Files\BigFix\bigfix.exe
320 C:\Program Files\Common Files\AOL\1290829611\EE\AOLHostManager.exe
396 C:\PROGRA~1\COMMON~1\AOL\129082~1\EE\AOLServiceHost.exe
1156 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
1176 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
1280 C:\WINDOWS\ehome\ehrecvr.exe
1248 aoltpspd.exe
1364 C:\WINDOWS\ehome\ehSched.exe
1916 C:\WINDOWS\system32\nvsvc32.exe
2080 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
2120 svchost.exe
2376 mcrdsvc.exe
3120 C:\Program Files\Google\Chrome\Application\chrome.exe
3172 alg.exe
3472 C:\WINDOWS\ehome\ehmsas.exe
3852 C:\WINDOWS\system32\svchost.exe
4052 C:\WINDOWS\system32\dllhost.exe
2324 C:\WINDOWS\system32\wscntfy.exe
2760 C:\Program Files\Google\Chrome\Application\chrome.exe
2644 C:\Program Files\Google\Chrome\Application\chrome.exe
2676 C:\WINDOWS\system32\wuauclt.exe
1312 C:\Program Files\Google\Chrome\Application\chrome.exe
2836 C:\Program Files\Steam\Steam.exe
2660 C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`57acfa00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3250824A, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


Done!


ComboFix:


ComboFix 10-11-27.01 - Owner 11/27/2010 20:57:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.318 [GMT -8:00]
Running from: c:\documents and settings\Owner.YOUR-A5747C8268\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 )))))))))))))))))))))))))))))))
.

2010-11-28 01:32 . 2010-11-28 01:32 -------- d-----w- c:\windows\LastGood
2010-11-27 21:32 . 2010-11-27 21:32 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-11-27 20:40 . 2010-11-27 20:40 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-11-27 19:29 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 19:29 . 2010-11-27 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-27 18:53 . 2010-11-27 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-27 18:53 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 18:42 . 2010-11-27 18:43 -------- d-----w- c:\program files\CCleaner
2010-11-27 05:35 . 2010-11-27 05:35 -------- d-----w- c:\program files\AIM
2010-11-27 05:35 . 2010-11-27 05:35 -------- d-----w- c:\program files\HLDJ
2010-11-27 05:35 . 2010-11-27 05:35 -------- d-----w- c:\program files\GoldWave
2010-11-27 05:35 . 2010-11-27 05:35 -------- d-----w- c:\program files\Illustrate
2010-11-27 05:35 . 2010-11-27 05:36 -------- d-----w- c:\program files\Warcraft III
2010-11-27 05:31 . 2010-11-27 05:31 -------- d-----w- c:\windows\system32\LogFiles
2010-11-27 05:31 . 2010-11-27 05:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-11-27 05:30 . 2010-11-27 05:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-11-27 05:21 . 2010-11-27 05:21 -------- d-----w- c:\windows\system32\AGEIA
2010-11-27 05:21 . 2010-11-27 05:22 -------- d-----w- c:\program files\AGEIA Technologies
2010-11-27 05:20 . 2010-11-27 05:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-27 05:20 . 2010-11-27 05:20 -------- d-----w- c:\windows\nview
2010-11-27 05:20 . 2009-01-15 16:19 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-11-27 05:18 . 2010-11-27 05:18 -------- d-----w- C:\NVIDIA
2010-11-27 04:37 . 2010-11-27 04:37 -------- d-----w- c:\windows\Sun
2010-11-27 04:34 . 2010-11-28 04:00 -------- d-----w- c:\program files\Steam
2010-11-27 04:27 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-27 04:27 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-27 04:27 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-27 04:27 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-27 04:27 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-27 04:27 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-27 04:27 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-27 04:26 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-27 04:26 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-27 04:26 . 2010-11-27 04:26 -------- d-----w- c:\program files\Alwil Software
2010-11-27 04:26 . 2010-11-27 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-27 04:17 . 2010-11-27 03:50 49152 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2010-11-27 04:17 . 2010-11-27 03:50 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2010-11-27 04:17 . 2010-11-27 03:50 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2010-11-27 04:17 . 2010-11-27 03:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-11-27 04:17 . 2010-11-27 03:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2010-11-27 04:17 . 2010-11-27 03:19 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-11-27 04:00 . 2010-11-28 00:56 -------- d-----w- c:\windows\system32\Lang
2010-11-27 03:55 . 2006-04-21 06:12 332800 -c--a-w- c:\windows\system32\dllcache\srv.sys
2010-11-27 03:55 . 2006-05-19 12:59 94720 -c--a-w- c:\windows\system32\dllcache\iphlpapi.dll
2010-11-27 03:55 . 2006-05-19 12:59 148480 -c--a-w- c:\windows\system32\dllcache\dnsapi.dll
2010-11-27 03:55 . 2006-05-19 12:59 111616 -c--a-w- c:\windows\system32\dllcache\dhcpcsvc.dll
2010-11-27 03:55 . 2006-06-22 10:47 181248 -c--a-w- c:\windows\system32\dllcache\rasmans.dll
2010-11-27 03:52 . 2010-11-27 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\SampleView
2010-11-27 03:51 . 2010-11-27 04:17 -------- d-----w- c:\documents and settings\Owner
2010-11-27 03:51 . 2010-11-27 03:51 -------- d-----w- c:\program files\gtw_logo
2010-11-27 03:51 . 2006-02-06 20:24 1239209 ----a-w- c:\windows\system32\gtw_logo.scr
2010-11-27 03:51 . 2003-07-03 23:48 23552 ----a-w- c:\windows\system32\jesterss.dll
2010-11-27 03:51 . 2010-11-27 04:27 -------- d-----w- c:\program files\Google
2010-11-27 03:51 . 2006-05-24 17:28 741376 ----a-w- c:\windows\system32\BigFixShortcutInStartup.exe
2010-11-27 03:51 . 2006-05-24 17:28 741376 ----a-w- c:\windows\system32\BigFixSuppress.exe
2010-11-27 03:51 . 2010-11-27 03:51 -------- d-----w- c:\program files\AMD Live!
2010-11-27 03:51 . 2003-03-25 13:00 67072 ----a-w- c:\windows\POWERCFG.EXE
2010-11-27 03:49 . 2004-08-04 07:07 171776 -c--a-w- c:\windows\system32\dllcache\kmixer.sys
2010-11-27 03:48 . 2010-11-27 03:48 -------- d-----w- c:\program files\Microsoft Works
2010-11-27 03:48 . 2010-11-27 03:48 -------- d-----w- c:\program files\MSN Encarta Plus
2010-11-27 03:46 . 2010-11-27 03:48 -------- d-----w- c:\program files\America Online 9.0
2010-11-27 03:45 . 2010-11-27 03:45 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-11-27 03:45 . 2010-11-27 03:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-27 03:45 . 2004-12-14 10:19 57344 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-27 03:45 . 2003-03-19 05:05 89088 ----a-r- c:\windows\system32\atl71.dll
2010-11-27 03:43 . 2010-11-27 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-11-27 03:43 . 2010-11-27 03:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Wildtangent
2010-11-27 03:43 . 2010-11-27 03:43 -------- d-----w- c:\windows\wt
2010-11-27 03:43 . 2010-11-27 03:43 -------- d-----w- c:\program files\WildTangent
2010-11-27 03:43 . 2010-11-27 03:45 -------- d-----w- c:\program files\Gateway Games
2010-11-27 03:43 . 2004-09-04 00:07 20480 ----a-w- c:\windows\system32\Marker32.exe
2010-11-27 03:43 . 2005-03-04 11:36 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-11-27 03:42 . 2010-11-27 03:43 -------- d-----w- c:\program files\Java
2010-11-27 03:42 . 2010-11-27 03:42 -------- d-----w- c:\program files\Common Files\Java
2010-11-27 03:42 . 2010-11-27 03:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
2010-11-27 03:42 . 2006-01-31 19:54 94208 ----a-w- c:\windows\system32\bae.dll
2010-11-27 03:42 . 2010-11-27 03:42 -------- d-----w- c:\program files\BigFix
2010-11-27 03:42 . 2005-10-11 20:48 13352 ----a-w- c:\windows\BigFixClientOverride.dll
2010-11-27 03:41 . 2010-11-27 03:41 -------- d-----w- c:\program files\Digital Media Reader
2010-11-27 03:41 . 2010-11-27 03:41 -------- d-----w- c:\windows\Downloaded Installations
2010-11-27 03:40 . 2004-03-22 23:17 25840 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-11-27 03:40 . 2004-03-22 23:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2010-11-27 03:40 . 2010-11-27 03:40 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-11-27 03:39 . 2010-11-27 03:40 -------- d-----w- c:\windows\SHELLNEW
2010-11-27 03:39 . 2010-11-27 03:39 -------- d-----w- c:\program files\Microsoft.NET
2010-11-27 03:39 . 2010-11-27 03:39 -------- d-----r- C:\MSOCache
2010-11-27 03:38 . 2010-11-27 03:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-11-27 03:38 . 2010-11-27 03:38 -------- d-----w- c:\program files\CyberLink
2010-11-27 03:38 . 2010-11-27 03:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-11-27 03:36 . 2010-11-27 03:19 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2010-11-27 03:35 . 2010-11-27 03:35 -------- d-----w- c:\program files\CONEXANT
2010-11-27 03:35 . 2004-08-04 07:08 17024 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-11-27 03:24 . 2010-11-27 03:54 -------- d-----w- c:\windows\creator
2010-11-27 03:22 . 2001-08-17 22:36 102457 ----a-w- c:\windows\system32\usrv42a.dll
2010-11-27 03:21 . 2004-08-04 00:56 35328 ----a-w- c:\windows\system32\pid.dll
2010-11-27 03:20 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2010-11-27 00:01 . 2010-11-27 03:14 -------- d-----w- C:\My Backup -- 10-11-26 0501PM
2010-11-26 05:51 . 2010-11-27 03:11 -------- d-----w- C:\My Backup -- 10-11-25 1051PM
2010-11-26 01:05 . 2010-11-27 03:09 -------- d-----w- C:\My Backup -- 10-11-25 0605PM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-27 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"HostManager"="c:\program files\Common Files\AOL\1290829611\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-09 15473664]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-27 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2010-11-26 2168360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:e82eaa99b39

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1290829611\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/26/2010 8:27 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/26/2010 8:27 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 8:27 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 04:27]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 04:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-A5747C8268\Application Data\Mozilla\Firefox\Profiles\i1ag7lk2.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-11-27 21:03:06
ComboFix-quarantined-files.txt 2010-11-28 05:03

Pre-Run: 226,240,909,312 bytes free
Post-Run: 226,202,972,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 90AF4D4406E4BC4974E5EDDC88A97FAC
 
The log looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt Part 1

Computer's doing great! Although I've been getting the Generic Host Process for Win32 Services error, I didn't want to mention it in this thread because my friends (the ones who call you god-tier :) ) advise me to upgrade to SP3. I no longer get the Remind_xp.exe pop-up. Thanks a lot!

OTL:
OTL logfile created on: 11/27/2010 9:56:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 430.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.51 Gb Total Space | 210.61 Gb Free Space | 92.57% Space Free | Partition Type: NTFS
Drive H: | 5.36 Gb Total Space | 2.11 Gb Free Space | 39.34% Space Free | Partition Type: FAT32
Drive J: | 1.86 Gb Total Space | 1.11 Gb Free Space | 59.77% Space Free | Partition Type: FAT

Computer Name: YOUR-A5747C8268 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/27 21:54:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads\OTL.exe
PRC - [2010/11/26 20:34:53 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/11/26 19:51:17 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2005/12/09 18:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/10/11 12:47:58 | 002,168,360 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2004/12/08 17:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/11/03 13:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1290829611\EE\AOLHostManager.exe
PRC - [2004/11/03 13:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1290829611\EE\AOLServiceHost.exe
PRC - [2004/10/20 06:40:04 | 000,010,328 | ---- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 12:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/10 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/27 21:54:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads\OTL.exe
MOD - [2004/08/10 11:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2001/07/02 20:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/26 19:51:17 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/10/20 06:40:04 | 000,010,328 | ---- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/09 10:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2005/07/28 10:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/28 10:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/16 16:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 16:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 16:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/11/10 17:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 17:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/10 11:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 11:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 11:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 11:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 11:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 11:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 11:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 11:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 11:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 11:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 11:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 11:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 11:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 11:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 11:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 15:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 15:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/01/10 13:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=nofound&Br=nofound&Loc=nofound&Sys=nofound&M=GT5220
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/26 20:53:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 20:26:01 | 000,000,000 | ---D | M]

[2010/11/26 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Mozilla\Extensions
[2010/11/26 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Mozilla\Firefox\Profiles\i1ag7lk2.default\extensions
[2010/11/26 20:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/27 21:01:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1290829611\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 01:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:e82eaa99b39) - C:\WINDOWS\System32\aswBoot.exe (AVAST Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 20:55:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/27 20:38:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/27 20:38:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/27 20:38:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/27 20:38:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/27 20:38:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/27 20:38:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/27 20:38:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/27 17:32:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/27 17:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/27 16:54:33 | 001,342,552 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\TDSSKiller.exe
[2010/11/27 16:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\WinRAR
[2010/11/27 16:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/27 13:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/27 12:51:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\My Videos
[2010/11/27 12:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/27 11:30:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/11/27 11:29:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/27 11:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/27 10:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Malwarebytes
[2010/11/27 10:53:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 10:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/27 10:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads
[2010/11/27 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/27 10:39:52 | 002,963,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ccsetup301.exe
[2010/11/26 21:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/11/26 21:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\HLDJ
[2010/11/26 21:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010/11/26 21:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Illustrate
[2010/11/26 21:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III
[2010/11/26 21:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/11/26 21:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/11/26 21:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/26 21:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010/11/26 21:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/11/26 21:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/26 21:20:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/11/26 21:18:35 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/11/26 20:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Mozilla
[2010/11/26 20:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Mozilla
[2010/11/26 20:37:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/11/26 20:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Macromedia
[2010/11/26 20:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Adobe
[2010/11/26 20:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/11/26 20:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Temp
[2010/11/26 20:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Google
[2010/11/26 20:27:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/26 20:27:10 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/26 20:27:09 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/26 20:27:09 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/26 20:27:08 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/26 20:27:08 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/26 20:27:07 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/26 20:26:56 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/26 20:26:55 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/26 20:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/26 20:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/26 20:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/26 20:17:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft
[2010/11/26 20:17:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Cookies
[2010/11/26 20:17:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\SendTo
[2010/11/26 20:17:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Recent
[2010/11/26 20:17:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data
[2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Start Menu
[2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\My Pictures
[2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\My Music
[2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents
[2010/11/26 20:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Favorites
[2010/11/26 20:17:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Templates
[2010/11/26 20:17:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\PrintHood
[2010/11/26 20:17:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\NetHood
[2010/11/26 20:17:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\You've Got Pictures Screensaver
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\WINDOWS
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Wildtangent
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\SampleView
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\Microsoft
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Identities
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\ApplicationHistory
[2010/11/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2010/11/26 20:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/11/26 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\gtw_logo
[2010/11/26 19:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/11/26 19:51:20 | 000,741,376 | ---- | C] (New Boundary Technologies, Inc.) -- C:\WINDOWS\System32\BigFixSuppress.exe
[2010/11/26 19:51:20 | 000,741,376 | ---- | C] (New Boundary Technologies, Inc.) -- C:\WINDOWS\System32\BigFixShortcutInStartup.exe
[2010/11/26 19:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\AMD Live!
[2010/11/26 19:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2006
[2010/11/26 19:49:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/11/26 19:49:11 | 002,807,808 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010/11/26 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/11/26 19:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/11/26 19:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2010/11/26 19:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010/11/26 19:47:43 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010/11/26 19:47:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/11/26 19:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/26 19:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/11/26 19:47:34 | 000,000,000 | ---D | C] -- C:\My Music
[2010/11/26 19:47:30 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/26 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/11/26 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/11/26 19:47:23 | 000,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
[2010/11/26 19:47:23 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2010/11/26 19:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/26 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/11/26 19:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/11/26 19:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/11/26 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AolCoach
[2010/11/26 19:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2010/11/26 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2010/11/26 19:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/11/26 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\America Online 9.0
[2010/11/26 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/11/26 19:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/11/26 19:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/11/26 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Napster
[2010/11/26 19:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 2006
[2010/11/26 19:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/26 19:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/26 19:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/26 19:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/26 19:43:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2010/11/26 19:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent
[2010/11/26 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gateway Games
[2010/11/26 19:43:16 | 000,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2010/11/26 19:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/26 19:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/26 19:42:38 | 000,094,208 | ---- | C] (Gateway Inc.) -- C:\WINDOWS\System32\bae.dll
[2010/11/26 19:42:31 | 000,013,352 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2010/11/26 19:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
[2010/11/26 19:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
[2010/11/26 19:41:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/11/26 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/11/26 19:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/11/26 19:39:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/11/26 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/11/26 19:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/26 19:39:23 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/11/26 19:38:26 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/11/26 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/11/26 19:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/26 19:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/11/26 19:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/11/26 19:33:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/26 19:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\creator
[2010/11/26 19:23:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2010/11/26 19:23:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386
[2010/11/26 16:01:40 | 000,000,000 | ---D | C] -- C:\My Backup -- 10-11-26 0501PM
[2010/11/25 21:51:24 | 000,000,000 | ---D | C] -- C:\My Backup -- 10-11-25 1051PM
[2010/11/25 17:05:45 | 000,000,000 | ---D | C] -- C:\My Backup -- 10-11-25 0605PM

========== Files - Modified Within 30 Days ==========

[2010/11/27 21:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/27 21:01:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/27 20:55:25 | 000,000,314 | RHS- | M] () -- C:\boot.ini
[2010/11/27 20:37:34 | 003,981,232 | R--- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ComboFix.exe
[2010/11/27 20:32:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/27 16:56:52 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/27 16:56:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/27 16:56:46 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/27 16:54:25 | 001,228,013 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\tdsskiller.zip
[2010/11/27 12:51:01 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/27 12:51:01 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Windows Media Player.lnk
[2010/11/27 11:29:22 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/27 10:43:47 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/27 10:39:55 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ccsetup301.exe
[2010/11/26 21:38:13 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Counter-Strike Source.url
[2010/11/26 21:33:12 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/11/26 21:32:16 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Internet.lnk
[2010/11/26 21:10:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 20:33:13 | 001,588,224 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\SteamInstall.msi
[2010/11/26 20:27:52 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/26 20:27:52 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/26 20:27:10 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/26 20:27:08 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/26 20:26:36 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\setup_av_free.exe
[2010/11/26 20:26:04 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/26 20:26:04 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/26 20:17:32 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/26 20:17:25 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/11/26 20:17:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/26 20:17:02 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/26 20:04:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/26 20:01:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Gateway_GT5220__GCN6911003678.MRK
[2010/11/26 20:01:18 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/11/26 20:00:55 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/11/26 20:00:54 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/11/26 20:00:09 | 000,000,000 | ---- | M] () -- C:\REQUEST_OEMRESET_ENDUSER
[2010/11/26 19:59:24 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/26 19:57:06 | 000,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/26 19:57:06 | 000,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/26 19:56:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/26 19:54:48 | 000,000,521 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
[2010/11/26 19:48:06 | 000,001,211 | -H-- | M] () -- C:\IPH.PH
[2010/11/26 19:48:05 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Trial Membership Included!.lnk
[2010/11/26 19:48:05 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2010/11/26 19:47:41 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/11/26 19:47:30 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/26 19:46:43 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/26 19:45:45 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Pix11.dat
[2010/11/26 19:45:08 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
[2010/11/26 19:45:05 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2010/11/26 19:42:31 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
[2010/11/26 19:40:35 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/11/26 19:38:12 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2010/11/26 19:36:38 | 000,000,002 | RHS- | M] () -- C:\USER
[2010/11/26 19:25:15 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/11/26 15:40:16 | 001,342,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\TDSSKiller.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

========== Files Created - No Company Name ==========

OTL.txt Part 2

[2010/11/27 20:55:25 | 000,000,199 | ---- | C] () -- C:\Boot.bak
[2010/11/27 20:55:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/27 20:38:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/27 20:38:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/27 20:38:49 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/27 20:38:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/27 20:38:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/27 20:31:42 | 003,981,232 | R--- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ComboFix.exe
[2010/11/27 16:54:18 | 001,228,013 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\tdsskiller.zip
[2010/11/27 12:51:01 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/27 12:28:45 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/27 11:29:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/27 10:43:47 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/26 21:38:13 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Counter-Strike Source.url
[2010/11/26 21:32:16 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Internet.lnk
[2010/11/26 21:20:30 | 000,206,530 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/26 21:20:27 | 000,018,725 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/11/26 20:45:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 20:34:26 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/11/26 20:33:22 | 001,588,224 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\SteamInstall.msi
[2010/11/26 20:27:52 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/26 20:27:52 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/26 20:27:16 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/26 20:27:15 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/26 20:27:10 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/26 20:26:28 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\setup_av_free.exe
[2010/11/26 20:26:04 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/26 20:26:04 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/26 20:17:27 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Windows Media Player.lnk
[2010/11/26 20:17:17 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2010/11/26 20:17:17 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/11/26 20:17:17 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/26 20:17:17 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
[2010/11/26 20:17:17 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/11/26 20:17:17 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2010/11/26 20:17:17 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/26 20:04:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/26 20:01:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Gateway_GT5220__GCN6911003678.MRK
[2010/11/26 20:01:18 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/11/26 20:00:54 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/11/26 20:00:52 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/11/26 19:51:24 | 001,239,209 | ---- | C] () -- C:\WINDOWS\System32\gtw_logo.scr
[2010/11/26 19:51:24 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2010/11/26 19:51:24 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\gtw.ico
[2010/11/26 19:51:18 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AMD Live!.url
[2010/11/26 19:50:22 | 000,003,632 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/11/26 19:50:22 | 000,001,864 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2010/11/26 19:50:07 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/11/26 19:50:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/11/26 19:48:05 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Trial Membership Included!.lnk
[2010/11/26 19:46:43 | 000,001,211 | -H-- | C] () -- C:\IPH.PH
[2010/11/26 19:46:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/26 19:46:04 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2010/11/26 19:46:04 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010/11/26 19:46:04 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2010/11/26 19:46:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2010/11/26 19:46:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2010/11/26 19:46:04 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2010/11/26 19:46:04 | 000,005,280 | ---- | C] () -- C:\WINDOWS\hotbtnv.vxd
[2010/11/26 19:46:04 | 000,004,223 | ---- | C] () -- C:\WINDOWS\mHotkey.reg
[2010/11/26 19:45:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2010/11/26 19:42:38 | 000,002,238 | ---- | C] () -- C:\WINDOWS\System32\32-aol.ico
[2010/11/26 19:42:38 | 000,001,406 | ---- | C] () -- C:\WINDOWS\System32\16-aol.ico
[2010/11/26 19:42:31 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
[2010/11/26 19:40:37 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\60 day trial - Office 2003.exe
[2010/11/26 19:40:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/26 19:38:21 | 000,051,656 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.bmp
[2010/11/26 19:38:12 | 000,000,002 | ---- | C] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2010/11/26 19:36:38 | 000,000,002 | RHS- | C] () -- C:\USER
[2010/11/26 19:36:38 | 000,000,000 | ---- | C] () -- C:\REQUEST_OEMRESET_ENDUSER
[2010/11/26 19:25:15 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/11/26 19:23:41 | 000,133,221 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2010/11/26 19:21:32 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2009/01/15 08:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 08:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 08:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 08:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/10/26 12:55:46 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/10/26 12:53:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/06/21 01:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 01:24:58 | 000,001,276 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 01:24:57 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/16 18:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 20:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/11/26 20:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/26 19:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/11/26 19:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/26 19:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/26 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\SampleView

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/26 19:38:12 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2006/06/17 01:41:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/07/05 13:13:45 | 000,000,199 | ---- | M] () -- C:\Boot.bak
[2010/11/27 20:55:25 | 000,000,314 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/27 21:03:06 | 000,015,235 | ---- | M] () -- C:\ComboFix.txt
[2006/06/17 01:41:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/27 16:56:46 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2006/06/17 01:41:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/26 19:48:06 | 000,001,211 | -H-- | M] () -- C:\IPH.PH
[2006/06/17 01:41:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 11:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/11/27 16:56:46 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/11/26 19:39:12 | 000,000,090 | ---- | M] () -- C:\powerdvd.log
[2010/11/26 20:00:09 | 000,000,000 | ---- | M] () -- C:\REQUEST_OEMRESET_ENDUSER
[2010/11/27 16:55:53 | 000,046,196 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_27.11.2010_16.55.09_log.txt
[2010/11/26 19:36:38 | 000,000,002 | RHS- | M] () -- C:\USER

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 11:00:00 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/06/16 18:30:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/16 18:30:11 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/16 18:30:11 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2006/06/17 01:41:25 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/26 20:17:32 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/06/17 01:46:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/11/26 21:16:41 | 075,837,104 | ---- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\181.22_geforce_winxp_32bit_english_whql.exe
[2010/11/27 10:39:55 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ccsetup301.exe
[2010/11/27 20:37:34 | 003,981,232 | R--- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\ComboFix.exe
[2010/11/26 20:21:26 | 008,567,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\Firefox Setup 3.6.12.exe
[2010/11/26 20:26:36 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\setup_av_free.exe
[2010/11/26 15:40:16 | 001,342,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/26 20:17:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/27 21:55:10 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A5747C8268\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/10 11:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/10 11:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 07:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 07:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2004/08/04 07:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 07:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/10/13 15:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 07:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 07:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 07:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 07:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 07:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras.txt

OTL Extras logfile created on: 11/27/2010 9:56:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.YOUR-A5747C8268\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 430.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.51 Gb Total Space | 210.61 Gb Free Space | 92.57% Space Free | Partition Type: NTFS
Drive H: | 5.36 Gb Total Space | 2.11 Gb Free Space | 39.34% Space Free | Partition Type: FAT32
Drive J: | 1.86 Gb Total Space | 1.11 Gb Free Space | 59.77% Space Free | Partition Type: FAT

Computer Name: YOUR-A5747C8268 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1290829611\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1290829611\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"avast5" = avast! Free Antivirus
"BigFix" = BigFix
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Gateway Game Console" = Gateway Game Console
"Google Chrome" = Google Chrome
"gtw_logo" = gtw_logo
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Steam App 240" = Counter-Strike: Source
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR 4.00 beta 2 (32-bit)
"WT010646" = Bejeweled 2 Deluxe
"WT010647" = Blackhawk Striker 2
"WT010648" = Blasterball 2 Revolution
"WT010649" = Diner Dash
"WT010650" = FATE
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2010 7:04:08 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/27/2010 7:04:08 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/27/2010 7:04:15 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module mshtml.dll, version 6.0.2900.2912, fault address 0x0007ae88.

Error - 11/27/2010 7:16:01 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.

Error - 11/27/2010 8:48:32 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.

Error - 11/27/2010 8:49:27 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/27/2010 8:49:27 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/27/2010 8:51:00 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/27/2010 8:51:00 PM | Computer Name = YOUR-A5747C8268 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/27/2010 8:52:27 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.

[ System Events ]
Error - 11/27/2010 6:46:53 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 11/27/2010 6:46:54 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7031
Description = The AOL TopSpeed Monitor service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 11/27/2010 6:47:29 PM | Computer Name = YOUR-A5747C8268 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor
service to connect.

Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
Description = The McAfee SpamKiller Server service terminated unexpectedly. It
has done this 1 time(s).

Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
Description = The PrismXL service terminated unexpectedly. It has done this 1 time(s).

Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
Description = The McAfee Task Scheduler service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
Description = The McAfee WSC Integration service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Run the configured recovery program.


< End of report >
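Two things in the event-log excerpt above stand out to a defender: the same binary (remind_xp.exe) crashing three times at the same fault address, and a whole group of security-related services terminating "unexpectedly" at the same second. The following is an added example, not part of the thread or any tool it mentions; it parses the OTL Extras event format shown above and surfaces both patterns, using a handful of the posted entries as its sample input.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: five entries copied from the OTL Extras event-log excerpt above.
SAMPLE_LOG = """\
Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
Description = The McAfee SpamKiller Server service terminated unexpectedly. It
has done this 1 time(s).
Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7034
Description = The McAfee Task Scheduler service terminated unexpectedly. It has
done this 1 time(s).
Error - 11/27/2010 6:49:56 PM | Computer Name = YOUR-A5747C8268 | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Run the configured recovery program.
Error - 11/27/2010 7:16:01 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.
Error - 11/27/2010 8:48:32 PM | Computer Name = YOUR-A5747C8268 | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
remind_xp.exe, version 1.0.3.0, fault address 0x000160bf.
"""

HEADER = re.compile(r"^\w+ - (?P<ts>.+?) \| Computer Name = \S+ \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)$")
FAULT = re.compile(r"Faulting application (\S+), version \S+, faulting module (\S+), version \S+, fault address (0x[0-9a-f]+)")
SVC = re.compile(r"The (.+?) service terminated unexpectedly")

def parse_events(text):
    """Turn each header line plus its soft-wrapped Description lines into one dict."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                           "src": m["src"], "id": int(m["id"]), "desc": ""})
        elif events and line.strip():
            # Continuation lines belong to the most recent header; rejoin with a space.
            events[-1]["desc"] = (events[-1]["desc"] + " " + line.strip().replace("Description = ", "", 1)).strip()
    return events

def repeated_crashes(events, min_count=2):
    """Count ID 1000 crashes per (app, module, address): a recurring address is a deterministic fault in that binary."""
    hits = Counter(m.groups() for e in events if e["src"] == "Application Error" and e["id"] == 1000
                   for m in [FAULT.search(e["desc"])] if m)
    return {k: n for k, n in hits.items() if n >= min_count}

def service_kill_bursts(events, window_s=60, min_services=3):
    """Cluster SCM 7031/7034 'terminated unexpectedly' events that fall within window_s seconds of each other."""
    kills = sorted(((e["ts"], m[1]) for e in events if e["src"] == "Service Control Manager"
                    and e["id"] in (7031, 7034) for m in [SVC.search(e["desc"])] if m), key=lambda k: k[0])
    bursts, i = [], 0
    while i < len(kills):
        j = i
        while j < len(kills) and (kills[j][0] - kills[i][0]).total_seconds() <= window_s:
            j += 1
        if j - i >= min_services:
            bursts.append((kills[i][0], [name for _, name in kills[i:j]]))
        i = j
    return bursts
```

Run against the full Extras log rather than this sample, the same two functions flag the remind_xp.exe crash at 0x000160bf three times and the 6:49:56 PM burst that took down the McAfee, NVIDIA and PrismXL services together.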
 
Good news :)

Update your Java version: http://java.com/en/download/index.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java installations...

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

===================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2005/10/11 12:47:58 | 002,168,360 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKCU..\Run: [Power2GoExpress] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\BigFix
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=======================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

========================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Sigh. I found the unchecking of Remove found threats, but after the scan finished it said no threat was found, then the only option was uninstall application. No option to List found threats or export to text file.

Here are the Logs for now

OTL:


All processes killed
========== OTL ==========
No active process named bigfix.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk moved successfully.
C:\Program Files\BigFix\bigfix.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\BigFix\__Data\__Global\Logs folder moved successfully.
C:\Program Files\BigFix\__Data\__Global folder moved successfully.
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp folder moved successfully.
C:\Program Files\BigFix\__Data\BigFix\__Local\Get folder moved successfully.
C:\Program Files\BigFix\__Data\BigFix\__Local folder moved successfully.
C:\Program Files\BigFix\__Data\BigFix\__Download folder moved successfully.
C:\Program Files\BigFix\__Data\BigFix folder moved successfully.
C:\Program Files\BigFix\__Data folder moved successfully.
C:\Program Files\BigFix\Lib\Inspectors folder moved successfully.
C:\Program Files\BigFix\Lib folder moved successfully.
C:\Program Files\BigFix folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: Owner.YOUR-A5747C8268
->Temp folder emptied: 9339942 bytes
->Temporary Internet Files folder emptied: 107727 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18676773 bytes
->Google Chrome cache emptied: 79983553 bytes
->Flash cache emptied: 1653 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 103.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: Owner.YOUR-A5747C8268
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11272010_222345

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Checkup.txt:


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

[image: FoxitReaderInstallation.png]

make sure you have both boxes UN-checked AND (important!) click on the Decline button

=======================================================================

You need to update Internet Explorer to at least version 7. Version 6 is obsolete and thus dangerous.
You need to install Service Pack 3.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
My computer's working real smooth now, no more error reports, working faster, less delay. It's awesome! Thanks.

Here's the log report for OTL:


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: Owner.YOUR-A5747C8268
->Temp folder emptied: 431594 bytes
->Temporary Internet Files folder emptied: 21689798 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 195937030 bytes
->Flash cache emptied: 2660 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 27496771 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3541 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 234.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: Owner.YOUR-A5747C8268
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.3 log created on 11282010_130308

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 