Persistent Windows Repair and Google Redirect Malware

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Persistent Windows Repair and Google Redirect Malware - Likely Additional Infection Deteriorating System Function - Possible RootKit Issues

#1 ThreeCards

New Member

Group: Members
Posts: 9
Joined: 28-March 11

Posted 28 March 2011 - 08:42 PM

I've been unable to remove the Google Redirect Malware for quite some time (4-6 months+). Windows Repair and similar Malware will infect my PC every 4-6 weeks and wreak havoc. After the latest infection (which I treated by dropping to safe mode and cleaning with Malware Bytes, CCleaner, SpyBot, Stinger, Advanced SystemCare, TDSSKiller, and Avast!) many programs are having issues or have ceased functioning including Starcraft II and Microsoft Silverlight (crashing when I try to watch NetFlix). Re-installing these programs has not helped. Also, iexplore.exe has been starting randomly by itself, taking up loads of memory. I can't seem to ever get my PC 100% cleaned with an effective security system set up.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 19:17:23.07 on Mon 03/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1374 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\My bleep\dds.com
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mExplorerRun: [Fgnv] c:\windows\system32\c_9362.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\p7a52ux4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {962C4D28-7A46-40BC-B152-A1B1DF0D8655} - c:\documents and settings\owner\local settings\application data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-27 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-27 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-27 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-27 42184]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\owner\locals~1\temp\bdmusicb.sys --> c:\docume~1\owner\locals~1\temp\bDMusicb.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-28 12:22:33 -------- d-----w- c:\program files\StarCraft II
2011-03-28 01:50:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-28 01:36:28 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-28 01:36:11 40648 ----a-w- c:\windows\avastSS.scr
2011-03-28 01:35:59 -------- d-----w- c:\program files\AVAST Software
2011-03-28 01:35:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-28 00:35:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-28 00:35:52 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-02-22 16:04:27 240608 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-22 16:04:27 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-02-22 15:57:05 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:22:14.18 ===============

Attached File(s)

Attach.txt (17.42K)
Number of downloads: 0

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 31 March 2011 - 04:36 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

You have a Firefox infection. I'll remove it below, which should stop the redirects from occurring in Firefox.

NEXT:

Running OTM

We need to execute an OTM script

Please download OTM by OldTimer and save it to your desktop.
Double click the icon on your desktop.

Paste the following code under the Posted Image

area. Do not include the word "Code".

:Processes
:Services
:Reg
:Files
c:\documents and settings\owner\local settings\application data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[resethosts]
[createrestorepoint]

Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT:

Running OTL

We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

NEXT:

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 ThreeCards

New Member

Group: Members
Posts: 9
Joined: 28-March 11

Posted 31 March 2011 - 06:43 PM

I appreciate the aid. Dealing with a malfunctioning computer has been very frustrating and I've hit the end of my knowledge on how to fix it. I will post all four logs in the order you asked for them (OTM -> OTL -> Extra -> Report).

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\documents and settings\owner\local settings\application data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}\chrome\content folder moved successfully.
c:\documents and settings\owner\local settings\application data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}\chrome folder moved successfully.
c:\documents and settings\owner\local settings\application data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655} folder moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.AUSTIN-61E6B147
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.AUSTIN-61E6B147.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2571662 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 240821 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 677511 bytes

User: Owner
->Temp folder emptied: 6540318 bytes
->Temporary Internet Files folder emptied: 68586429 bytes
->Java cache emptied: 9751 bytes
->FireFox cache emptied: 100514426 bytes
->Flash cache emptied: 8495 bytes

User: veronica
->Temp folder emptied: 5267 bytes
->Temporary Internet Files folder emptied: 42745 bytes
->FireFox cache emptied: 75943538 bytes
->Flash cache emptied: 974 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2395885 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49632 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 103208536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 58530 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 347.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.17.2 log created on 03312011_182556

Files moved on Reboot...
File C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

OTL logfile created on: 3/31/2011 6:30:12 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 42.52 Gb Free Space | 57.05% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-61E6B147 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/03/29 19:32:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/09/29 14:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/15 22:01:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/06/15 22:01:50 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/05/28 17:36:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/01/29 19:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/08/11 16:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 16:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 16:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 16:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 16:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 16:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 16:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 16:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 16:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/06/14 15:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006/03/09 16:25:54 | 000,143,872 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/10 19:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/11/07 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1177238915-515967899-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1177238915-515967899-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}: C:\Documents and Settings\Owner\Local Settings\Application Data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 20:36:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 19:32:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 19:32:23 | 000,000,000 | ---D | M]

[2009/10/02 02:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/03/31 17:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p7a52ux4.default\extensions
[2010/06/26 16:40:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p7a52ux4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 17:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/27 20:36:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2011/03/31 18:26:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Fgnv = C:\WINDOWS\system32\c_9362.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-515967899-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1177238915-515967899-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-515967899-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/19 20:43:38 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1177238915-515967899-682003330-1003..exefile [open] -- "%1" %*
O36 - AppCertDlls: DivX2bin - (C:\WINDOWS\system32\loganet.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1177238915-515967899-682003330-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/31 18:29:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/03/31 18:25:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/31 18:24:03 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2011/03/28 19:39:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/28 19:15:15 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/03/28 17:33:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/03/28 08:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II
[2011/03/28 07:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/28 07:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/27 20:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/27 20:36:31 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/27 20:36:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/27 20:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/27 20:36:28 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/27 20:36:28 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/27 20:36:28 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/27 20:36:28 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/27 20:36:28 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/27 20:36:28 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/27 20:36:11 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/27 20:36:09 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/27 20:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/27 20:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2006/08/11 16:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/11 16:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/03/31 18:27:48 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\a80b8cac.job
[2011/03/31 18:27:48 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\61148413.job
[2011/03/31 18:27:47 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/03/31 18:27:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 18:26:52 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/03/31 18:26:52 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/31 18:26:52 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/31 18:26:51 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/03/31 18:26:51 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/03/31 18:26:51 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/03/31 18:26:51 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/03/31 18:26:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/31 18:23:58 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2011/03/30 18:23:32 | 004,310,058 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/03/28 19:39:36 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to dds.pif
[2011/03/28 19:38:15 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/03/28 19:15:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/03/28 17:34:08 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CClean 3-24.reg
[2011/03/28 08:40:08 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2011/03/28 07:03:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/27 21:52:28 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Stinger.lnk
[2011/03/27 20:36:31 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/27 20:36:28 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/27 20:20:39 | 000,005,790 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
[2011/03/27 20:20:39 | 000,005,790 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
[2011/03/27 11:55:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/03/27 09:05:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 01:10:20 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/03/27 01:10:20 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2011/03/22 20:18:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/13 10:30:09 | 000,591,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 10:30:09 | 000,114,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/08 20:50:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/03/30 18:23:33 | 004,310,058 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/03/28 19:39:36 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to dds.pif
[2011/03/28 19:39:11 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/28 19:38:18 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/03/28 17:34:05 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CClean 3-24.reg
[2011/03/28 07:22:33 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2011/03/28 07:03:24 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/27 21:52:28 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Stinger.lnk
[2011/03/27 20:36:31 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/27 20:10:43 | 000,005,790 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
[2011/03/27 20:10:43 | 000,005,790 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
[2011/03/27 01:10:20 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/03/27 01:10:19 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2010/10/25 17:52:32 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/25 17:52:29 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/25 17:52:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/05 16:18:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SecurDoc.INI
[2010/09/28 10:34:16 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/24 15:17:34 | 000,093,568 | ---- | C] () -- C:\WINDOWS\System32\WUNZIP32.DLL
[2010/08/24 15:13:36 | 000,406,912 | ---- | C] () -- C:\WINDOWS\System32\FtisUtil.dll
[2010/08/17 19:08:47 | 000,011,700 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/07/19 01:01:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\irudapesanuk.dll
[2010/07/18 22:59:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akitedabexobe.dll
[2010/07/18 20:57:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipeyulexaheq.dll
[2010/07/18 18:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqeteriw.dll
[2010/07/18 16:53:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyofosiziwawazu.dll
[2010/07/18 14:50:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olixifivufepov.dll
[2010/07/18 12:48:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edunisixeji.dll
[2010/07/18 10:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxubazuko.dll
[2010/07/18 08:45:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isosesoxika.dll
[2010/07/18 06:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osakesuh.dll
[2010/07/18 04:41:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozesiwoj.dll
[2010/07/18 02:39:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukezuxahowi.dll
[2010/07/18 00:37:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azebeguy.dll
[2010/07/17 22:34:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azagarobifamaves.dll
[2010/07/17 20:32:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urupozan.dll
[2010/07/17 18:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aquhopira.dll
[2010/07/17 16:28:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asazagovagifob.dll
[2010/07/17 14:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ucureyesubasebiw.dll
[2010/07/17 12:24:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\evipamepozadu.dll
[2010/07/17 10:23:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urakobil.dll
[2010/07/17 08:21:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogudomip.dll
[2010/07/17 06:18:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqaxebodamujumu.dll
[2010/07/17 04:16:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iroquyepiyij.dll
[2010/07/17 02:14:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufatucej.dll
[2010/07/17 00:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ototucejaqa.dll
[2010/07/16 22:10:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acexanimifi.dll
[2010/07/16 20:09:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewixixoy.dll
[2010/07/16 18:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ahegodobuvo.dll
[2010/07/16 16:05:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icojudul.dll
[2010/07/16 14:03:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olanuveruqapiwes.dll
[2010/07/16 12:01:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayehilofejinur.dll
[2010/07/16 09:58:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epupelepixoxiwak.dll
[2010/07/16 07:57:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epobowix.dll
[2010/07/16 05:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzeyofikahasafo.dll
[2010/07/16 03:53:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acumirux.dll
[2010/07/16 01:51:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izaciwiq.dll
[2010/07/15 23:49:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apatabejuyokuy.dll
[2010/07/15 21:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otucuhuhone.dll
[2010/07/15 19:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyemuzageyabe.dll
[2010/07/15 17:42:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\irobazob.dll
[2010/07/15 15:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edikilugoqoralo.dll
[2010/07/15 13:38:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibefatufoqiwuhu.dll
[2010/07/15 11:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejazapow.dll
[2010/07/15 09:35:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apuwidumuhifopa.dll
[2010/07/15 07:33:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umisuhar.dll
[2010/07/15 05:30:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esiricoxepodat.dll
[2010/07/15 03:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofogozavo.dll
[2010/07/15 01:27:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyomozol.dll
[2010/07/14 23:24:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osomecah.dll
[2010/07/14 21:23:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihujokiq.dll
[2010/07/14 19:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibajipataxuh.dll
[2010/07/14 11:10:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayolopoc.dll
[2010/07/10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/31 22:37:10 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tjicamod.dat
[2010/05/31 22:37:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bdobitix.bin
[2010/05/20 04:13:18 | 000,845,268 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Fallen Earth_2.47.0.11_2010-05-20-09-13.dmp
[2010/05/02 00:35:44 | 000,134,669 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\icarus-dxdiag.xml
[2010/04/19 02:03:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/19 02:03:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/19 02:03:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/15 03:13:15 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/14 13:39:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/07/23 22:03:40 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/11 18:07:56 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/04/11 00:36:58 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\nvrsth.dll
[2009/04/11 00:23:26 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/04/11 00:23:05 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
[2008/09/30 21:19:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/23 21:12:28 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/26 17:31:00 | 000,106,279 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/08/26 17:31:00 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/08/14 01:09:34 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/13 22:30:59 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2008/08/13 22:20:39 | 000,050,040 | ---- | C] () -- C:\WINDOWS\System32\ptPTT.dat
[2008/08/13 22:20:39 | 000,000,308 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2008/08/01 16:40:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/27 00:14:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/25 02:52:21 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/06/25 02:52:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/06/25 02:52:21 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/15 22:33:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/06/15 22:01:50 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/15 22:01:50 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/04/20 16:29:01 | 000,000,269 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/20 16:25:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/19 20:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/19 20:41:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/19 08:36:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/19 08:35:42 | 000,164,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 16:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/11 16:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/11 16:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/11 16:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/11 16:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/11 16:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2006/08/11 16:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2006/08/11 16:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/11 16:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/11 16:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/11 16:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/11 16:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/05/23 14:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/11/28 19:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/16 20:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,591,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,114,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

OTL Extras logfile created on: 3/31/2011 6:30:12 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 42.52 Gb Free Space | 57.05% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-61E6B147 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1177238915-515967899-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe" = C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"C:\Games\StarCraft II\StarCraft II.exe" = C:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\Games\StarCraft II\Versions\Base18092\SC2.exe" = C:\Games\StarCraft II\Versions\Base18092\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Microsoft Silverlight\4.0.60129.0\Silverlight.Configuration.exe" = C:\Program Files\Microsoft Silverlight\4.0.60129.0\Silverlight.Configuration.exe:*:Enabled:Microsoft Silverlight -- (Microsoft Corporation)
"C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & Officejet 5.3.B Corporate Edition
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE88EB3E-75EA-4484-8296-7D1446248A4F}" = Sybase SQL Anywhere 9 Personal Server
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate™ II - Throne of Bhaal ™
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C549017A-FFAB-4679-9112-26E83DD82DB5}" = Enterprise
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D9C5B0A6-806B-41BA-9422-5EC97A3FB619}" = FTIS-MSI
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AudioConSole" = Creative Audio Console
"avast" = avast! Free Antivirus
"Baldur's Gate" = Baldur's Gate
"CCleaner" = CCleaner
"DivX Free Codec" = DivX Free Codec
"Game Booster_is1" = Game Booster
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{D9C5B0A6-806B-41BA-9422-5EC97A3FB619}" = Field Technology Illustration System
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 15620" = WarhammerÂ® 40,000â„¢: Dawn of WarÂ® II
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1177238915-515967899-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2010 3:05:23 AM | Computer Name = AUSTIN-61E6B147 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 12/11/2010 3:05:39 AM | Computer Name = AUSTIN-61E6B147 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 12/19/2010 8:46:31 PM | Computer Name = AUSTIN-61E6B147 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 12/19/2010 8:46:31 PM | Computer Name = AUSTIN-61E6B147 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 12/19/2010 8:46:31 PM | Computer Name = AUSTIN-61E6B147 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 12/19/2010 8:46:31 PM | Computer Name = AUSTIN-61E6B147 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 12/19/2010 8:46:31 PM | Computer Name = AUSTIN-61E6B147 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 1/16/2011 8:12:01 PM | Computer Name = AUSTIN-61E6B147 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 3/27/2011 9:11:23 PM | Computer Name = AUSTIN-61E6B147 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/28/2011 7:38:32 PM | Computer Name = AUSTIN-61E6B147 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module agcore.dll, version 4.0.60129.0, fault address 0x005103f6.

[ OSession Events ]
Error - 12/2/2009 1:57:22 AM | Computer Name = AUSTIN-61E6B147 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4104
seconds with 1440 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/28/2011 8:11:31 AM | Computer Name = AUSTIN-61E6B147 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/28/2011 8:11:32 AM | Computer Name = AUSTIN-61E6B147 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/28/2011 8:11:32 AM | Computer Name = AUSTIN-61E6B147 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/28/2011 8:11:32 AM | Computer Name = AUSTIN-61E6B147 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/28/2011 6:32:27 PM | Computer Name = AUSTIN-61E6B147 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/28/2011 6:33:27 PM | Computer Name = AUSTIN-61E6B147 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi EIO_XP Fips intelppm SASDIFSV SASKUTIL

Error - 3/28/2011 6:33:54 PM | Computer Name = AUSTIN-61E6B147 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/28/2011 6:33:55 PM | Computer Name = AUSTIN-61E6B147 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/28/2011 7:25:18 PM | Computer Name = AUSTIN-61E6B147 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/31/2011 7:25:56 PM | Computer Name = AUSTIN-61E6B147 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB5DB6000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB5C10000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
0xB14B9000 C:\WINDOWS\system32\drivers\ha10kx2k.sys 1064960 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xB7E92000 iaStor.sys 749568 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB13C9000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xB5B7B000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
0xB7D76000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5B01000 C:\WINDOWS\system32\drivers\ctaud2k.sys 499712 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xB1093000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB08E1000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 385024 bytes (AVAST Software, avast! Virtualization Driver)
0xB5A10000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB1178000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8820000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB093F000 C:\WINDOWS\System32\Drivers\aswSP.SYS 294912 bytes (AVAST Software, avast! self protection module)
0xBD623000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA88C8000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xA8537000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB5AAA000 C:\WINDOWS\system32\drivers\ctoss2k.sys 208896 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB148C000 C:\WINDOWS\system32\drivers\emupia2k.sys 184320 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xA894A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D49000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA80A1000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB1103000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB15BD000 C:\WINDOWS\system32\drivers\hap16v2k.sys 172032 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0xB1150000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB1465000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 159744 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xB106D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB5D7E000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 147456 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB5ADD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB5D5A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB5D37000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB112E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7E42000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7D2F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7E7A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8B60000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB7E62000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA890B000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB7E03000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB5A7F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8B78000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA8B4A000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB7E1A000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA8AE5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB5A96000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB5DA2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB11D1000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7E30000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB5A6E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAF8C6000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB6E32000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB6E52000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB28C8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB6E62000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8298000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
0xB6E22000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9A52000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8168000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB6E12000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB6DF2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB28E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB6E42000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB6E02000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB2908000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xB6807000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8148000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB6DD2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAFA66000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8288000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB6DE2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB28F8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB086E000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB28D8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xB83B8000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xB83B0000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB8348000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB83A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8440000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB84A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8328000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB29F8000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB84A0000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xB83D8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB83A8000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xB83E0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8398000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB84B0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8350000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xA991D000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xB8340000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB83C8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB83D0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB83C0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8418000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB7AEA000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB7CE6000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7CEE000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xB7AD2000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAAFA6000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB7AE2000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB1051000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA999E000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB7AEE000 C:\WINDOWS\system32\drivers\EIO_XP.sys 12288 bytes (ASUSTeK Computer Inc., ASUS Kernel Mode Driver for NT )
0xB7AE6000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xB7ADE000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xB2890000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB1065000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7ADA000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7CCA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8632000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85E8000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xB8600000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xB8630000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85AC000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8634000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB85D6000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB8636000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85EA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8620000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8692000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xAD9E6000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xB8703000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB87BD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x89F23A9B Unknown page with executable code, 1381 bytes
0x89F22288 Unknown page with executable code, 3448 bytes
0x89F2419B Unknown page with executable code, 3685 bytes
0xB80E8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x89F26E84 Unknown thread object [ ETHREAD 0x89ED7DA8 ] TID: 168, 600 bytes
0x89F29084 Unknown thread object [ ETHREAD 0x8A917358 ] TID: 172, 600 bytes
0x89F2815A Unknown thread object [ ETHREAD 0x89F0C350 ] , 600 bytes
0x89F26B4F Unknown thread object [ ETHREAD 0x8A8E5760 ] , 600 bytes
0x89F28D58 Unknown page with executable code, 680 bytes

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 31 March 2011 - 06:51 PM

Hi ThreeCards,

You're pretty severely infected.

Lets run a more powerful tool:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#5 ThreeCards

New Member

Group: Members
Posts: 9
Joined: 28-March 11

Posted 31 March 2011 - 07:49 PM

Downloaded ComboFix, stopped Avast's real-time shields, and ran ComboFix. I accepted the terms of use and a blue screen came up. A notice came up saying Volsnap-something was infected and that ComboFix would clean it, and the notice automatically dissipated. I've been left with a blank blue ComboFix screen with a blinking cursor for ~15min. Is it working or should I close this session and open it again?

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 31 March 2011 - 07:53 PM

I'd leave ComboFix for a little bit longer (about 30 minutes longer) if it still isn't doing anything exit out of the scan.

You may need to do a hard reboot.

If this is the case run this scan:

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

Then try running ComboFix again.

#7 ThreeCards

New Member

Group: Members
Posts: 9
Joined: 28-March 11

Posted 31 March 2011 - 08:27 PM

I had to hard reboot but TDSSKiller and ComboFix ran fine afterwards. TDSS log first than ComboFix.

2011/03/31 20:00:39.0671 3704 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 20:00:39.0875 3704 ================================================================================
2011/03/31 20:00:39.0875 3704 SystemInfo:
2011/03/31 20:00:39.0875 3704
2011/03/31 20:00:39.0875 3704 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/31 20:00:39.0875 3704 Product type: Workstation
2011/03/31 20:00:39.0875 3704 ComputerName: AUSTIN-61E6B147
2011/03/31 20:00:39.0875 3704 UserName: Owner
2011/03/31 20:00:39.0875 3704 Windows directory: C:\WINDOWS
2011/03/31 20:00:39.0875 3704 System windows directory: C:\WINDOWS
2011/03/31 20:00:39.0875 3704 Processor architecture: Intel x86
2011/03/31 20:00:39.0875 3704 Number of processors: 1
2011/03/31 20:00:39.0875 3704 Page size: 0x1000
2011/03/31 20:00:39.0875 3704 Boot type: Normal boot
2011/03/31 20:00:39.0875 3704 ================================================================================
2011/03/31 20:00:40.0265 3704 Initialize success
2011/03/31 20:01:06.0375 3964 ================================================================================
2011/03/31 20:01:06.0375 3964 Scan started
2011/03/31 20:01:06.0375 3964 Mode: Manual;
2011/03/31 20:01:06.0375 3964 ================================================================================
2011/03/31 20:01:06.0531 3964 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/31 20:01:06.0796 3964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/31 20:01:06.0906 3964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/31 20:01:07.0062 3964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/31 20:01:07.0187 3964 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/31 20:01:07.0484 3964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/31 20:01:07.0718 3964 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
2011/03/31 20:01:07.0765 3964 ASUSVRC (94442e3029ff6c9f08140fe6718af4fb) C:\WINDOWS\system32\DRIVERS\AsusVRC.sys
2011/03/31 20:01:07.0843 3964 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/03/31 20:01:07.0906 3964 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/31 20:01:07.0984 3964 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/31 20:01:08.0109 3964 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/03/31 20:01:08.0187 3964 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/31 20:01:08.0250 3964 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/31 20:01:08.0328 3964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/31 20:01:08.0484 3964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/31 20:01:08.0671 3964 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/03/31 20:01:08.0765 3964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/31 20:01:08.0875 3964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/31 20:01:08.0984 3964 b57w2k (8c0403aa21029804f31d869e6b0adedf) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/03/31 20:01:09.0234 3964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/31 20:01:09.0359 3964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/31 20:01:09.0468 3964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/31 20:01:09.0625 3964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/31 20:01:09.0671 3964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/31 20:01:09.0750 3964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/31 20:01:09.0859 3964 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/03/31 20:01:10.0156 3964 ctac32k (fb06bb39860340c6fa84867f0288d1dd) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/03/31 20:01:10.0296 3964 ctaud2k (b810fa12cf726b200e057834eaebb1ac) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/03/31 20:01:10.0390 3964 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/03/31 20:01:10.0546 3964 ctprxy2k (1fa95c8cf34b9911e352a07ea7a200fc) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/03/31 20:01:10.0625 3964 ctsfm2k (400cb754b91f73bee2655686a57269d2) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/03/31 20:01:10.0796 3964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/31 20:01:10.0906 3964 DLABOIOM (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/03/31 20:01:10.0968 3964 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/03/31 20:01:11.0109 3964 DLADResN (27c78078bd9c4f2de2ad3eb04bfe101b) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/03/31 20:01:11.0218 3964 DLAIFS_M (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/03/31 20:01:11.0343 3964 DLAOPIOM (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/03/31 20:01:11.0406 3964 DLAPoolM (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/03/31 20:01:11.0500 3964 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/03/31 20:01:11.0593 3964 DLAUDFAM (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/03/31 20:01:11.0703 3964 DLAUDF_M (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/03/31 20:01:11.0812 3964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/31 20:01:11.0937 3964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/31 20:01:12.0015 3964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/31 20:01:12.0109 3964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/31 20:01:12.0265 3964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/31 20:01:12.0375 3964 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/03/31 20:01:12.0406 3964 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/03/31 20:01:12.0500 3964 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys
2011/03/31 20:01:12.0609 3964 emupia (7bb488ec082d40645936d9e583f560dc) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/03/31 20:01:12.0734 3964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/31 20:01:12.0781 3964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/31 20:01:12.0906 3964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/31 20:01:12.0953 3964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/31 20:01:13.0078 3964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/31 20:01:13.0187 3964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/31 20:01:13.0312 3964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/31 20:01:13.0375 3964 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/03/31 20:01:13.0515 3964 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/31 20:01:13.0562 3964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/31 20:01:13.0718 3964 ha10kx2k (9bb84b1dff8bce7fdddea746f6819fcf) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/03/31 20:01:13.0765 3964 hap16v2k (1418833169b29780fbdab127623b8767) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/03/31 20:01:13.0890 3964 hap17v2k (8b3148391dc121d96d513785d588e75b) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/03/31 20:01:13.0953 3964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/31 20:01:14.0187 3964 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/31 20:01:14.0312 3964 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/31 20:01:14.0375 3964 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/31 20:01:14.0500 3964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/31 20:01:14.0703 3964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/31 20:01:14.0765 3964 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/03/31 20:01:14.0890 3964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/31 20:01:15.0062 3964 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/03/31 20:01:15.0156 3964 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/03/31 20:01:15.0265 3964 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/03/31 20:01:15.0343 3964 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/31 20:01:15.0406 3964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/31 20:01:15.0484 3964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/31 20:01:15.0593 3964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/31 20:01:15.0671 3964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/31 20:01:15.0765 3964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/31 20:01:15.0890 3964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/31 20:01:15.0953 3964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/31 20:01:16.0046 3964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/31 20:01:16.0125 3964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/31 20:01:16.0218 3964 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/31 20:01:16.0296 3964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/31 20:01:16.0406 3964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/31 20:01:16.0578 3964 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/03/31 20:01:16.0687 3964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/31 20:01:16.0765 3964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/31 20:01:16.0890 3964 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/31 20:01:16.0968 3964 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/03/31 20:01:17.0062 3964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/31 20:01:17.0140 3964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/31 20:01:17.0250 3964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/31 20:01:17.0390 3964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/31 20:01:17.0515 3964 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/31 20:01:17.0609 3964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/31 20:01:17.0703 3964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/31 20:01:17.0750 3964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/31 20:01:17.0859 3964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/31 20:01:17.0937 3964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/31 20:01:18.0031 3964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/31 20:01:18.0156 3964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/31 20:01:18.0265 3964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/31 20:01:18.0421 3964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/31 20:01:18.0515 3964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/31 20:01:18.0640 3964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/31 20:01:18.0765 3964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/31 20:01:18.0843 3964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/31 20:01:18.0968 3964 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/31 20:01:19.0093 3964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/31 20:01:19.0187 3964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/31 20:01:19.0281 3964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/31 20:01:19.0375 3964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/31 20:01:19.0484 3964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/31 20:01:19.0640 3964 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/03/31 20:01:19.0718 3964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/31 20:01:20.0062 3964 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/31 20:01:20.0421 3964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/31 20:01:20.0468 3964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/31 20:01:20.0562 3964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/31 20:01:20.0703 3964 ossrv (01e1ab8249f9dde5978c6b4af18eda7c) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/03/31 20:01:20.0781 3964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/31 20:01:20.0843 3964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/31 20:01:20.0906 3964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/31 20:01:20.0984 3964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/31 20:01:21.0156 3964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/03/31 20:01:21.0234 3964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/31 20:01:21.0453 3964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/31 20:01:21.0531 3964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/31 20:01:21.0609 3964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/31 20:01:21.0703 3964 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/31 20:01:22.0078 3964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/31 20:01:22.0171 3964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/31 20:01:22.0281 3964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/31 20:01:22.0359 3964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/31 20:01:22.0453 3964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/31 20:01:22.0546 3964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/31 20:01:22.0656 3964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/31 20:01:22.0703 3964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/31 20:01:22.0875 3964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/31 20:01:22.0968 3964 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/31 20:01:23.0078 3964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/31 20:01:23.0187 3964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/31 20:01:23.0328 3964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/31 20:01:23.0500 3964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/31 20:01:23.0593 3964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/31 20:01:23.0718 3964 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/31 20:01:23.0843 3964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/31 20:01:23.0968 3964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/31 20:01:24.0078 3964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/31 20:01:24.0281 3964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/31 20:01:24.0343 3964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/31 20:01:24.0484 3964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/31 20:01:24.0562 3964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/31 20:01:24.0656 3964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/31 20:01:24.0859 3964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/31 20:01:25.0015 3964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/31 20:01:25.0125 3964 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/31 20:01:25.0218 3964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/31 20:01:25.0296 3964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/31 20:01:25.0359 3964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/31 20:01:25.0453 3964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/31 20:01:25.0515 3964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/31 20:01:25.0609 3964 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/31 20:01:25.0671 3964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/31 20:01:25.0765 3964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/31 20:01:25.0984 3964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/31 20:01:26.0062 3964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/31 20:01:26.0140 3964 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/03/31 20:01:26.0343 3964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/31 20:01:26.0515 3964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/31 20:01:26.0625 3964 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/31 20:01:26.0750 3964 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/31 20:01:26.0953 3964 ================================================================================
2011/03/31 20:01:26.0953 3964 Scan finished
2011/03/31 20:01:26.0953 3964 ================================================================================
2011/03/31 20:01:36.0796 3624 Deinitialize success

ComboFix 11-03-31.01 - Owner 03/31/2011 20:07:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1658 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\veronica\Local Settings\Application Data\{9C015D37-C049-468D-9068-C7A53B0CEE70}
c:\documents and settings\veronica\Local Settings\Application Data\{9C015D37-C049-468D-9068-C7A53B0CEE70}\chrome.manifest
c:\documents and settings\veronica\Local Settings\Application Data\{9C015D37-C049-468D-9068-C7A53B0CEE70}\chrome\content\_cfg.js
c:\documents and settings\veronica\Local Settings\Application Data\{9C015D37-C049-468D-9068-C7A53B0CEE70}\chrome\content\overlay.xul
c:\documents and settings\veronica\Local Settings\Application Data\{9C015D37-C049-468D-9068-C7A53B0CEE70}\install.rdf
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-03-31 23:25 . 2011-03-31 23:25 -------- d-----w- C:\_OTM
2011-03-29 00:39 . 2011-03-29 00:39 -------- d--h--w- c:\windows\PIF
2011-03-28 12:22 . 2011-04-01 00:00 -------- d-----w- c:\program files\StarCraft II
2011-03-28 12:20 . 2011-03-28 12:20 -------- d-----w- c:\program files\Microsoft Silverlight
2011-03-28 01:50 . 2011-03-28 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-28 01:36 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-28 01:36 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-28 01:36 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-28 01:36 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-28 01:36 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-28 01:36 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-28 01:36 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-28 01:36 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-28 01:36 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-28 01:36 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-28 01:35 . 2011-03-28 01:35 -------- d-----w- c:\program files\AVAST Software
2011-03-28 01:35 . 2011-03-28 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-04-20 01:39 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-04-20 01:39 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 22:19 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 21:56 17920 -c--a-w- c:\windows\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 21:56 18944 -c--a-w- c:\windows\system32\CTXFIHLP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 -c--a-w- c:\daemon tools lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Free Codec]
2007-03-30 02:44 274432 -c--a-w- c:\program files\DivX Free Codec\Divx Free Update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 12:20 122940 -c--a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 18:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 18:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-05-02 01:31 2938552 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-21 00:23 118784 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 18:30 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-29 01:26 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 12:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"odserv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"avg8wd"=2 (0x2)
"ATKKeyboardService"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
"ose"=3 (0x3)
"FreeAgentGoNext Service"=2 (0x2)
"sp_rssrv"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Microsoft Silverlight\\4.0.60129.0\\Silverlight.Configuration.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/27/2011 8:36 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/27/2011 8:36 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/27/2011 8:36 PM 19544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\Owner\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Owner\LOCALS~1\Temp\bDMusicb.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-01 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2009-08-20 22:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\p7a52ux4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe
MSConfigStartUp-CurseClient - c:\program files\Curse\CurseClient.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-Gboqikodadodex - c:\windows\csavfrh.dll
MSConfigStartUp-ISUSPM Startup - c:\progra~1\common~1\instal~1\update~1\isuspm.exe
MSConfigStartUp-MaxMenuMgr - c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
MSConfigStartUp-Mminorucatofokey - c:\windows\oqixulodi.dll
MSConfigStartUp-MqUAIhhYBM - c:\documents and settings\All Users\Application Data\MqUAIhhYBM.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SMSERIAL - sm56hlpr.exe
MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
MSConfigStartUp-umwvstnr - c:\documents and settings\Owner\Local Settings\Application Data\tawhervwf\icfvfgdtssd.exe
AddRemove-Baldur's Gate - e:\games\Baldur's Gate\Uninst.isu
AddRemove-{29BAD36F-F421-40F8-A128-E03382E59C70} - c:\documents and settings\Owner\Local Settings\Application Data\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}\Sins_of_a_Solar_Empire_setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 20:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-515967899-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,a1,41,d9,47,e3,28,63,29,02,0e,04,ef,a9,85,81,95,8d,9c,2b,f9,
aa,8f,9a,da,68,5d,0e,af,8f,aa,09,f1,7a,fe,ea,31,4e,44,64,43,89,4b,d8,01,48,\
"rkeysecu"=hex:3b,55,ab,2b,d2,5d,69,ac,57,eb,a1,9c,09,97,a0,dd
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-03-31 20:25:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-01 01:25
.
Pre-Run: 45,370,941,440 bytes free
Post-Run: 45,273,673,728 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C749848A8556BE3949EB418D224D24F4

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 31 March 2011 - 08:29 PM

How are things running?

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#9 ThreeCards

New Member

Group: Members
Posts: 9
Joined: 28-March 11

Posted 31 March 2011 - 10:32 PM

Things seem to be running well. I can successfully watch movies on NetFlix again, Starcraft II has booted successfully a couple of times, Google has not been redirecting me, and Internet Explorer is not randomly starting invisibly and eating my memory. I will continue to run scans until you feel confident that we've cleared the infection successfully. If possible, I'd also like direction on what (of the many) Malware/Virus scanners to keep on my computer to run periodically and what active shield will help keep this from happening again (Avast seems alright, but it tends to slow down my computer).

I do very much appreciate your time and aid (and the lightning quick responses tonight). Getting things running smoothly has taken a great stressor off my mind. Thank you very much.

MBAM Log -> ESET Log -> Security Check

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6230

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/31/2011 8:40:00 PM
mbam-log-2011-03-31 (20-40-00).txt

Scan type: Quick scan
Objects scanned: 183229
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeatr.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Documents and Settings\veronica\Local Settings\Application Data\{9C015D37-C049-468D-9068-C7A53B0CEE70}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
C:\System Volume Information\_restore{FEF43F50-867D-4771-A97F-87BBC7203647}\RP165\A0019128.exe a variant of Win32/Kryptik.LZH trojan
C:\System Volume Information\_restore{FEF43F50-867D-4771-A97F-87BBC7203647}\RP174\A0021105.exe a variant of Win32/Kryptik.MAX trojan
C:\System Volume Information\_restore{FEF43F50-867D-4771-A97F-87BBC7203647}\RP174\A0021106.exe a variant of Win32/Kryptik.MAX trojan
C:\_OTM\MovedFiles\03312011_182556\c_documents and settings\owner\local settings\application data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan

Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 13
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader 8.2.6
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

#10 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 01 April 2011 - 07:49 AM

Morning!

Quote

I can successfully watch movies on NetFlix again

YAY! This is great news! Being stuck without being able to watch movieso n Netflix is never a good thing.

The majority of the items detected by ESET are currently in system restore/quarantine and will be dealt with once we clean-up our tools.

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

Go to Start > Control Panel > Add/Remove Programs
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.

NEXT:

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Microsoft: ‘Unprecedented Wave of Java Exploitation’

Drive-by Trojan preying on out-of-date Java installations

Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
Select your Language: "Multi-language".
Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
Click Continue and the page will refresh.
Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL

:Reg

:Files
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeatr.zip
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following bolded text into the textbox.

netsvcs
drivers32
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#11 ThreeCards

New Member

Group: Members
Posts: 9
Joined: 28-March 11

Posted 01 April 2011 - 09:48 PM

Thing seem to be running really well. The problems I mentioned originally haven't been happening and the computer itself has been booting and running much faster. Again, I appreciate your time and effort and getting my system all cleaned up. Going to make for a much more enjoyable weekend.

Here are the logs.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeatr.zip moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.AUSTIN-61E6B147
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.AUSTIN-61E6B147.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 1058832930 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 102741541 bytes
->Flash cache emptied: 3441 bytes

User: veronica
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,108.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.AUSTIN-61E6B147

User: Administrator.AUSTIN-61E6B147.000

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

User: veronica
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04012011_213927

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

OTL logfile created on: 4/1/2011 9:42:11 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 42.01 Gb Free Space | 56.37% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 403.47 Gb Free Space | 86.63% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-61E6B147 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/03/29 19:32:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 09:08:04 | 003,250,664 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/09/29 14:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/15 22:01:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/06/15 22:01:50 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/05/28 17:36:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/01/29 19:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/08/11 16:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 16:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 16:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 16:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 16:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 16:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 16:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 16:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 16:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/06/14 15:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006/03/09 16:25:54 | 000,143,872 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/10 19:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/11/07 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}: C:\Documents and Settings\Owner\Local Settings\Application Data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 20:36:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 19:32:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/01 21:30:45 | 000,000,000 | ---D | M]

[2009/10/02 02:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/04/01 21:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p7a52ux4.default\extensions
[2010/06/26 16:40:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p7a52ux4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/01 21:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/01 21:30:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/27 20:36:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/01 21:30:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/01 21:30:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/01 21:39:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/19 20:43:38 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.asv2 - asusasv2.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/01 21:39:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/01 21:39:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/01 21:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/01 21:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/01 21:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/01 21:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2011/04/01 21:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/04/01 21:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/04/01 21:03:53 | 007,935,480 | ---- | C] (Foxit Corporation) -- C:\Documents and Settings\Owner\Desktop\FoxitReader431_enu_Setup.exe
[2011/03/31 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/31 20:45:58 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/03/31 20:25:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/31 20:05:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/31 20:02:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/31 20:02:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/31 20:02:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/31 20:02:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/31 20:00:23 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/03/31 19:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/31 19:33:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/31 18:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Security
[2011/03/31 18:29:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/03/31 18:25:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/31 18:24:03 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2011/03/28 19:39:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/28 17:33:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/03/28 08:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II
[2011/03/28 07:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/28 07:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/27 20:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/27 20:36:31 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/27 20:36:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/27 20:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/27 20:36:28 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/27 20:36:28 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/27 20:36:28 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/27 20:36:28 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/27 20:36:28 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/27 20:36:28 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/27 20:36:11 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/27 20:36:09 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/27 20:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/27 20:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2006/08/11 16:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/11 16:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/04/01 21:40:35 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/04/01 21:40:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/01 21:39:47 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/01 21:39:47 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/01 21:39:47 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/01 21:39:47 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/01 21:39:47 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/01 21:39:47 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/01 21:39:47 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/01 21:39:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/01 21:06:11 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/04/01 21:04:28 | 007,935,480 | ---- | M] (Foxit Corporation) -- C:\Documents and Settings\Owner\Desktop\FoxitReader431_enu_Setup.exe
[2011/04/01 20:49:45 | 000,240,608 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/01 20:49:45 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/01 20:49:25 | 000,240,608 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/31 22:30:12 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/03/31 20:46:06 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/03/31 20:05:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/31 19:32:14 | 004,310,832 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/03/31 18:36:58 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/03/31 18:23:58 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2011/03/28 19:39:36 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to dds.pif
[2011/03/28 19:38:15 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/03/28 17:34:08 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CClean 3-24.reg
[2011/03/28 08:40:08 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2011/03/27 20:36:28 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/27 20:20:39 | 000,005,790 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
[2011/03/27 20:20:39 | 000,005,790 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
[2011/03/27 11:55:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/27 09:05:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 01:10:20 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/03/27 01:10:20 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2011/03/22 20:18:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/13 10:30:09 | 000,591,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 10:30:09 | 000,114,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/03/08 20:50:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/04/01 21:06:11 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/03/31 22:30:11 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/03/31 20:05:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/31 20:05:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/31 20:02:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/31 20:02:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/31 20:02:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/31 20:02:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/31 20:02:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/31 18:36:59 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/03/30 18:23:33 | 004,310,832 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/03/28 19:39:36 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to dds.pif
[2011/03/28 19:39:11 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/28 19:38:18 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/03/28 17:34:05 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CClean 3-24.reg
[2011/03/28 07:22:33 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2011/03/27 20:10:43 | 000,005,790 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
[2011/03/27 20:10:43 | 000,005,790 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
[2011/03/27 01:10:20 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/03/27 01:10:19 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2010/10/25 17:52:32 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/25 17:52:29 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/25 17:52:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/05 16:18:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SecurDoc.INI
[2010/09/28 10:34:16 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/24 15:17:34 | 000,093,568 | ---- | C] () -- C:\WINDOWS\System32\WUNZIP32.DLL
[2010/08/24 15:13:36 | 000,406,912 | ---- | C] () -- C:\WINDOWS\System32\FtisUtil.dll
[2010/08/17 19:08:47 | 000,011,700 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/07/19 01:01:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\irudapesanuk.dll
[2010/07/18 22:59:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akitedabexobe.dll
[2010/07/18 20:57:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipeyulexaheq.dll
[2010/07/18 18:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqeteriw.dll
[2010/07/18 16:53:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyofosiziwawazu.dll
[2010/07/18 14:50:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olixifivufepov.dll
[2010/07/18 12:48:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edunisixeji.dll
[2010/07/18 10:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxubazuko.dll
[2010/07/18 08:45:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isosesoxika.dll
[2010/07/18 06:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osakesuh.dll
[2010/07/18 04:41:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozesiwoj.dll
[2010/07/18 02:39:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukezuxahowi.dll
[2010/07/18 00:37:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azebeguy.dll
[2010/07/17 22:34:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azagarobifamaves.dll
[2010/07/17 20:32:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urupozan.dll
[2010/07/17 18:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aquhopira.dll
[2010/07/17 16:28:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asazagovagifob.dll
[2010/07/17 14:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ucureyesubasebiw.dll
[2010/07/17 12:24:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\evipamepozadu.dll
[2010/07/17 10:23:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urakobil.dll
[2010/07/17 08:21:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogudomip.dll
[2010/07/17 06:18:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqaxebodamujumu.dll
[2010/07/17 04:16:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iroquyepiyij.dll
[2010/07/17 02:14:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufatucej.dll
[2010/07/17 00:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ototucejaqa.dll
[2010/07/16 22:10:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acexanimifi.dll
[2010/07/16 20:09:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewixixoy.dll
[2010/07/16 18:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ahegodobuvo.dll
[2010/07/16 16:05:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icojudul.dll
[2010/07/16 14:03:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olanuveruqapiwes.dll
[2010/07/16 12:01:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayehilofejinur.dll
[2010/07/16 09:58:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epupelepixoxiwak.dll
[2010/07/16 07:57:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epobowix.dll
[2010/07/16 05:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzeyofikahasafo.dll
[2010/07/16 03:53:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acumirux.dll
[2010/07/16 01:51:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izaciwiq.dll
[2010/07/15 23:49:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apatabejuyokuy.dll
[2010/07/15 21:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otucuhuhone.dll
[2010/07/15 19:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyemuzageyabe.dll
[2010/07/15 17:42:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\irobazob.dll
[2010/07/15 15:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edikilugoqoralo.dll
[2010/07/15 13:38:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibefatufoqiwuhu.dll
[2010/07/15 11:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejazapow.dll
[2010/07/15 09:35:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apuwidumuhifopa.dll
[2010/07/15 07:33:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umisuhar.dll
[2010/07/15 05:30:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esiricoxepodat.dll
[2010/07/15 03:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofogozavo.dll
[2010/07/15 01:27:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyomozol.dll
[2010/07/14 23:24:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osomecah.dll
[2010/07/14 21:23:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihujokiq.dll
[2010/07/14 19:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibajipataxuh.dll
[2010/07/14 11:10:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayolopoc.dll
[2010/07/10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/31 22:37:10 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tjicamod.dat
[2010/05/31 22:37:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bdobitix.bin
[2010/05/20 04:13:18 | 000,845,268 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Fallen Earth_2.47.0.11_2010-05-20-09-13.dmp
[2010/05/02 00:35:44 | 000,134,669 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\icarus-dxdiag.xml
[2010/04/19 02:03:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/19 02:03:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/19 02:03:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/15 03:13:15 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/14 13:39:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/07/23 22:03:40 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/11 18:07:56 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/04/11 00:36:58 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\nvrsth.dll
[2009/04/11 00:23:26 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/04/11 00:23:05 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
[2008/09/30 21:19:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/23 21:12:28 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/26 17:31:00 | 000,106,279 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/08/26 17:31:00 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/08/14 01:09:34 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/13 22:30:59 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2008/08/13 22:20:39 | 000,050,040 | ---- | C] () -- C:\WINDOWS\System32\ptPTT.dat
[2008/08/13 22:20:39 | 000,000,308 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2008/08/01 16:40:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/27 00:14:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/25 02:52:21 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/06/25 02:52:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/06/25 02:52:21 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/15 22:33:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/06/15 22:01:50 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/15 22:01:50 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/04/20 16:29:01 | 000,000,269 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/20 16:25:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/19 20:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/19 20:41:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/19 08:36:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/19 08:35:42 | 000,164,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 16:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/11 16:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/11 16:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/11 16:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/11 16:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/11 16:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2006/08/11 16:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2006/08/11 16:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/11 16:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/11 16:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/11 16:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/11 16:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/05/23 14:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/11/28 19:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/16 20:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,591,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,114,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/03/27 12:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/27 20:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/08/14 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/06/23 22:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/01/27 10:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/01 20:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/04/05 20:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/02/22 22:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/13 17:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/09/28 11:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2008/06/15 21:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2010/04/11 01:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EVEMon
[2011/04/01 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2009/08/20 02:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2008/04/21 13:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/04/17 19:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2009/10/02 02:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2009/09/14 13:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2011/04/01 21:40:35 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 02:38:45

< End of report >

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 02 April 2011 - 07:55 AM

Hi,

You still seem to have some infected files. Lets remove them with ComboFix. Please Note: ComboFix may prompt you to update, if it does please allow it to do so.

ComboFix Script

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::

File::
C:\WINDOWS\irudapesanuk.dll
C:\WINDOWS\akitedabexobe.dll
C:\WINDOWS\ipeyulexaheq.dll
C:\WINDOWS\eqeteriw.dll
C:\WINDOWS\oyofosiziwawazu.dll
C:\WINDOWS\olixifivufepov.dll
C:\WINDOWS\edunisixeji.dll
C:\WINDOWS\oxubazuko.dll
C:\WINDOWS\isosesoxika.dll
C:\WINDOWS\osakesuh.dll
C:\WINDOWS\ozesiwoj.dll
C:\WINDOWS\ukezuxahowi.dll
C:\WINDOWS\azebeguy.dll
C:\WINDOWS\azagarobifamaves.dll
C:\WINDOWS\urupozan.dll
C:\WINDOWS\aquhopira.dll
C:\WINDOWS\asazagovagifob.dll
C:\WINDOWS\ucureyesubasebiw.dll
C:\WINDOWS\evipamepozadu.dll
C:\WINDOWS\urakobil.dll
C:\WINDOWS\ogudomip.dll
C:\WINDOWS\aqaxebodamujumu.dll
C:\WINDOWS\iroquyepiyij.dll
C:\WINDOWS\ufatucej.dll
C:\WINDOWS\ototucejaqa.dll
C:\WINDOWS\acexanimifi.dll
C:\WINDOWS\ewixixoy.dll
C:\WINDOWS\ahegodobuvo.dll
C:\WINDOWS\icojudul.dll
C:\WINDOWS\olanuveruqapiwes.dll
C:\WINDOWS\ayehilofejinur.dll
C:\WINDOWS\epupelepixoxiwak.dll
C:\WINDOWS\epobowix.dll
C:\WINDOWS\uzeyofikahasafo.dll
C:\WINDOWS\acumirux.dll
C:\WINDOWS\izaciwiq.dll
C:\WINDOWS\apatabejuyokuy.dll
C:\WINDOWS\otucuhuhone.dll
C:\WINDOWS\eyemuzageyabe.dll
C:\WINDOWS\irobazob.dll
C:\WINDOWS\edikilugoqoralo.dll
C:\WINDOWS\ibefatufoqiwuhu.dll
C:\WINDOWS\ejazapow.dll
C:\WINDOWS\apuwidumuhifopa.dll
C:\WINDOWS\umisuhar.dll
C:\WINDOWS\esiricoxepodat.dll
C:\WINDOWS\ofogozavo.dll
C:\WINDOWS\oyomozol.dll
C:\WINDOWS\osomecah.dll
C:\WINDOWS\ihujokiq.dll
C:\WINDOWS\ibajipataxuh.dll
C:\WINDOWS\ayolopoc.dll
C:\WINDOWS\System32\nvdata.bin
C:\WINDOWS\Tjicamod.dat
C:\WINDOWS\Bdobitix.bin
C:\Documents and Settings\Owner\Local Settings\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
C:\Documents and Settings\All Users\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
C:\Documents and Settings\All Users\Application Data\~19521332r
C:\Documents and Settings\All Users\Application Data\~19521332

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#13 ThreeCards

New Member

Group: Members
Posts: 9
Joined: 28-March 11

Posted 02 April 2011 - 10:44 AM

ComboFix 11-04-01.01 - Owner 04/02/2011 10:28:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1612 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\Application Data\~19521332"
"c:\documents and settings\All Users\Application Data\~19521332r"
"c:\documents and settings\All Users\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl"
"c:\documents and settings\Owner\Local Settings\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl"
"c:\windows\acexanimifi.dll"
"c:\windows\acumirux.dll"
"c:\windows\ahegodobuvo.dll"
"c:\windows\akitedabexobe.dll"
"c:\windows\apatabejuyokuy.dll"
"c:\windows\apuwidumuhifopa.dll"
"c:\windows\aqaxebodamujumu.dll"
"c:\windows\aquhopira.dll"
"c:\windows\asazagovagifob.dll"
"c:\windows\ayehilofejinur.dll"
"c:\windows\ayolopoc.dll"
"c:\windows\azagarobifamaves.dll"
"c:\windows\azebeguy.dll"
"c:\windows\Bdobitix.bin"
"c:\windows\edikilugoqoralo.dll"
"c:\windows\edunisixeji.dll"
"c:\windows\ejazapow.dll"
"c:\windows\epobowix.dll"
"c:\windows\epupelepixoxiwak.dll"
"c:\windows\eqeteriw.dll"
"c:\windows\esiricoxepodat.dll"
"c:\windows\evipamepozadu.dll"
"c:\windows\ewixixoy.dll"
"c:\windows\eyemuzageyabe.dll"
"c:\windows\ibajipataxuh.dll"
"c:\windows\ibefatufoqiwuhu.dll"
"c:\windows\icojudul.dll"
"c:\windows\ihujokiq.dll"
"c:\windows\ipeyulexaheq.dll"
"c:\windows\irobazob.dll"
"c:\windows\iroquyepiyij.dll"
"c:\windows\irudapesanuk.dll"
"c:\windows\isosesoxika.dll"
"c:\windows\izaciwiq.dll"
"c:\windows\ofogozavo.dll"
"c:\windows\ogudomip.dll"
"c:\windows\olanuveruqapiwes.dll"
"c:\windows\olixifivufepov.dll"
"c:\windows\osakesuh.dll"
"c:\windows\osomecah.dll"
"c:\windows\ototucejaqa.dll"
"c:\windows\otucuhuhone.dll"
"c:\windows\oxubazuko.dll"
"c:\windows\oyofosiziwawazu.dll"
"c:\windows\oyomozol.dll"
"c:\windows\ozesiwoj.dll"
"c:\windows\System32\nvdata.bin"
"c:\windows\Tjicamod.dat"
"c:\windows\ucureyesubasebiw.dll"
"c:\windows\ufatucej.dll"
"c:\windows\ukezuxahowi.dll"
"c:\windows\umisuhar.dll"
"c:\windows\urakobil.dll"
"c:\windows\urupozan.dll"
"c:\windows\uzeyofikahasafo.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~19521332
c:\documents and settings\All Users\Application Data\~19521332r
c:\documents and settings\All Users\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
c:\documents and settings\Owner\Local Settings\Application Data\7d34t16snostcdvlr1fx05d0p28v406d1j3q6fah3hdl
c:\windows\acexanimifi.dll
c:\windows\acumirux.dll
c:\windows\ahegodobuvo.dll
c:\windows\akitedabexobe.dll
c:\windows\apatabejuyokuy.dll
c:\windows\apuwidumuhifopa.dll
c:\windows\aqaxebodamujumu.dll
c:\windows\aquhopira.dll
c:\windows\asazagovagifob.dll
c:\windows\ayehilofejinur.dll
c:\windows\ayolopoc.dll
c:\windows\azagarobifamaves.dll
c:\windows\azebeguy.dll
c:\windows\Bdobitix.bin
c:\windows\edikilugoqoralo.dll
c:\windows\edunisixeji.dll
c:\windows\ejazapow.dll
c:\windows\epobowix.dll
c:\windows\epupelepixoxiwak.dll
c:\windows\eqeteriw.dll
c:\windows\esiricoxepodat.dll
c:\windows\evipamepozadu.dll
c:\windows\ewixixoy.dll
c:\windows\eyemuzageyabe.dll
c:\windows\ibajipataxuh.dll
c:\windows\ibefatufoqiwuhu.dll
c:\windows\icojudul.dll
c:\windows\ihujokiq.dll
c:\windows\ipeyulexaheq.dll
c:\windows\irobazob.dll
c:\windows\iroquyepiyij.dll
c:\windows\irudapesanuk.dll
c:\windows\isosesoxika.dll
c:\windows\izaciwiq.dll
c:\windows\ofogozavo.dll
c:\windows\ogudomip.dll
c:\windows\olanuveruqapiwes.dll
c:\windows\olixifivufepov.dll
c:\windows\osakesuh.dll
c:\windows\osomecah.dll
c:\windows\ototucejaqa.dll
c:\windows\otucuhuhone.dll
c:\windows\oxubazuko.dll
c:\windows\oyofosiziwawazu.dll
c:\windows\oyomozol.dll
c:\windows\ozesiwoj.dll
c:\windows\System32\nvdata.bin
c:\windows\Tjicamod.dat
c:\windows\ucureyesubasebiw.dll
c:\windows\ufatucej.dll
c:\windows\ukezuxahowi.dll
c:\windows\umisuhar.dll
c:\windows\urakobil.dll
c:\windows\urupozan.dll
c:\windows\uzeyofikahasafo.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 02:39 . 2011-04-02 02:39 -------- d-----w- C:\_OTL
2011-04-02 02:35 . 2011-04-02 02:35 -------- d-----w- c:\program files\Common Files\Java
2011-04-02 02:30 . 2011-04-02 02:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-02 02:30 . 2011-04-02 02:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-02 02:30 . 2011-04-02 02:30 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-02 02:30 . 2011-04-02 02:30 -------- d-----w- c:\program files\Java
2011-04-02 02:06 . 2011-04-02 02:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software
2011-04-02 02:05 . 2011-04-02 02:05 -------- d-----w- c:\program files\Foxit Software
2011-04-01 01:46 . 2011-04-01 01:46 -------- d-----w- c:\program files\ESET
2011-03-31 23:25 . 2011-03-31 23:25 -------- d-----w- C:\_OTM
2011-03-29 00:39 . 2011-03-29 00:39 -------- d--h--w- c:\windows\PIF
2011-03-28 12:22 . 2011-04-01 01:33 -------- d-----w- c:\program files\StarCraft II
2011-03-28 12:20 . 2011-03-28 12:20 -------- d-----w- c:\program files\Microsoft Silverlight
2011-03-28 01:50 . 2011-03-28 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-28 01:36 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-28 01:36 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-28 01:36 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-28 01:36 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-28 01:36 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-28 01:36 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-28 01:36 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-28 01:36 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-28 01:36 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-28 01:36 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-28 01:35 . 2011-03-28 01:35 -------- d-----w- c:\program files\AVAST Software
2011-03-28 01:35 . 2011-03-28 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-04-20 01:39 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-04-20 01:39 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 22:19 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 21:56 17920 -c--a-w- c:\windows\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 21:56 18944 -c--a-w- c:\windows\system32\CTXFIHLP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 -c--a-w- c:\daemon tools lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Free Codec]
2007-03-30 02:44 274432 -c--a-w- c:\program files\DivX Free Codec\Divx Free Update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 12:20 122940 -c--a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 18:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 18:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-05-02 01:31 2938552 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-21 00:23 118784 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 18:30 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-29 01:26 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"odserv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"avg8wd"=2 (0x2)
"ATKKeyboardService"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
"ose"=3 (0x3)
"FreeAgentGoNext Service"=2 (0x2)
"sp_rssrv"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Microsoft Silverlight\\4.0.60129.0\\Silverlight.Configuration.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/27/2011 8:36 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/27/2011 8:36 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/27/2011 8:36 PM 19544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\Owner\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Owner\LOCALS~1\Temp\bDMusicb.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-02 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2009-08-20 22:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\p7a52ux4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-515967899-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,a1,41,d9,47,e3,28,63,29,02,0e,04,ef,a9,85,81,95,8d,9c,2b,f9,
aa,8f,9a,da,68,5d,0e,af,8f,aa,09,f1,7a,fe,ea,31,4e,44,64,43,89,4b,d8,01,48,\
"rkeysecu"=hex:3b,55,ab,2b,d2,5d,69,ac,57,eb,a1,9c,09,97,a0,dd
.
Completion time: 2011-04-02 10:43:31
ComboFix-quarantined-files.txt 2011-04-02 15:43
ComboFix2.txt 2011-04-01 01:25
.
Pre-Run: 44,912,967,680 bytes free
Post-Run: 44,896,735,232 bytes free
.
- - End Of File - - 3C904898F1A04D11B1C08FC3B75F2CE4

#14 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 02 April 2011 - 10:49 AM

Run a new scan with OTL for me and post the log it produces.

#15 ThreeCards

New Member

Group: Members
Posts: 9
Joined: 28-March 11

Posted 02 April 2011 - 12:03 PM

OTL logfile created on: 4/2/2011 11:58:09 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 41.88 Gb Free Space | 56.20% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 403.47 Gb Free Space | 86.63% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-61E6B147 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/09/29 14:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/15 22:01:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/06/15 22:01:50 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/05/28 17:36:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/01/29 19:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/08/11 16:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 16:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 16:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 16:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 16:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 16:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 16:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 16:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 16:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/06/14 15:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006/03/09 16:25:54 | 000,143,872 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/10 19:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/11/07 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}: C:\Documents and Settings\Owner\Local Settings\Application Data\{962C4D28-7A46-40BC-B152-A1B1DF0D8655}
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 20:36:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 19:32:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/01 21:30:45 | 000,000,000 | ---D | M]

[2009/10/02 02:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/04/01 21:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p7a52ux4.default\extensions
[2010/06/26 16:40:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p7a52ux4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/01 21:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/01 21:30:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/27 20:36:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/01 21:30:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/01 21:30:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/02 10:38:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/19 20:43:38 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/01 21:39:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/01 21:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/01 21:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/01 21:30:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/01 21:30:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/01 21:30:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/01 21:30:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/01 21:30:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/01 21:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/01 21:07:51 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u24-windows-i586.exe
[2011/04/01 21:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2011/04/01 21:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/04/01 21:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/04/01 21:03:53 | 007,935,480 | ---- | C] (Foxit Corporation) -- C:\Documents and Settings\Owner\Desktop\FoxitReader431_enu_Setup.exe
[2011/03/31 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/31 20:45:58 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/03/31 20:25:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/31 20:05:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/31 20:02:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/31 20:02:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/31 20:02:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/31 20:02:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/31 20:00:23 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/03/31 19:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/31 19:33:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/31 18:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Security
[2011/03/31 18:29:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/03/31 18:25:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/31 18:24:03 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2011/03/28 19:39:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/28 17:33:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/03/28 08:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\StarCraft II
[2011/03/28 07:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II
[2011/03/28 07:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/28 07:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/27 20:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/27 20:36:31 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/27 20:36:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/27 20:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/27 20:36:28 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/27 20:36:28 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/27 20:36:28 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/27 20:36:28 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/27 20:36:28 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/27 20:36:28 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/27 20:36:11 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/27 20:36:09 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/27 20:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/27 20:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2006/08/11 16:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/11 16:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/04/02 10:43:41 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/04/02 10:38:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/02 10:25:30 | 004,311,769 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/02 09:51:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/02 01:19:57 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/02 01:19:57 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/02 01:19:57 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/02 01:19:57 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/02 01:19:57 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2011/04/02 01:19:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/02 01:19:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/01 21:30:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/01 21:30:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/01 21:30:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/01 21:30:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/01 21:30:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/01 21:08:46 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u24-windows-i586.exe
[2011/04/01 21:06:11 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/04/01 21:04:28 | 007,935,480 | ---- | M] (Foxit Corporation) -- C:\Documents and Settings\Owner\Desktop\FoxitReader431_enu_Setup.exe
[2011/04/01 20:49:45 | 000,240,608 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/01 20:49:45 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/01 20:49:25 | 000,240,608 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/31 22:30:12 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/03/31 20:46:06 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/03/31 20:05:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/31 18:36:58 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/03/31 18:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/03/31 18:23:58 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2011/03/28 19:39:36 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to dds.pif
[2011/03/28 19:38:15 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/03/28 17:34:08 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CClean 3-24.reg
[2011/03/28 08:40:08 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2011/03/27 20:36:28 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/27 11:55:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/27 09:05:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/22 20:18:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/13 10:30:09 | 000,591,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 10:30:09 | 000,114,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/03/08 20:50:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/04/01 21:06:11 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/03/31 22:30:11 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/03/31 20:05:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/31 20:05:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/31 20:02:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/31 20:02:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/31 20:02:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/31 20:02:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/31 20:02:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/31 18:36:59 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/03/30 18:23:33 | 004,311,769 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/03/28 19:39:36 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to dds.pif
[2011/03/28 19:39:11 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/28 19:38:18 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/03/28 17:34:05 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CClean 3-24.reg
[2011/03/28 07:22:33 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/10/25 17:52:32 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/25 17:52:29 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/25 17:52:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/05 16:18:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SecurDoc.INI
[2010/09/28 10:34:16 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/24 15:17:34 | 000,093,568 | ---- | C] () -- C:\WINDOWS\System32\WUNZIP32.DLL
[2010/08/24 15:13:36 | 000,406,912 | ---- | C] () -- C:\WINDOWS\System32\FtisUtil.dll
[2010/08/17 19:08:47 | 000,011,700 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/05/20 04:13:18 | 000,845,268 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Fallen Earth_2.47.0.11_2010-05-20-09-13.dmp
[2010/05/02 00:35:44 | 000,134,669 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\icarus-dxdiag.xml
[2010/04/19 02:03:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/19 02:03:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/19 02:03:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/15 03:13:15 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/14 13:39:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/07/23 22:03:40 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/11 18:07:56 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/04/11 00:36:58 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\nvrsth.dll
[2009/04/11 00:23:26 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/04/11 00:23:05 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
[2008/09/30 21:19:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/23 21:12:28 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/26 17:31:00 | 000,106,279 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/08/26 17:31:00 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/08/14 01:09:34 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/13 22:30:59 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2008/08/13 22:20:39 | 000,050,040 | ---- | C] () -- C:\WINDOWS\System32\ptPTT.dat
[2008/08/13 22:20:39 | 000,000,308 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2008/08/01 16:40:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/27 00:14:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/25 02:52:21 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/06/25 02:52:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/06/25 02:52:21 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/15 22:33:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/06/15 22:01:50 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/15 22:01:50 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/04/20 16:29:01 | 000,000,269 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/20 16:25:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/19 20:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/19 20:41:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/19 08:36:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/19 08:35:42 | 000,164,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 16:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/11 16:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/11 16:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/11 16:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/11 16:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/11 16:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2006/08/11 16:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2006/08/11 16:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/11 16:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/11 16:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/11 16:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/11 16:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/05/23 14:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/11/28 19:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/16 20:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,591,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,114,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >